9.8

CVE-2024-29844

EPSS 0.09%
Veröffentlicht 15.04.2024 00:15:14
Zuletzt bearbeitet 10.12.2025 17:39:49
Quelle 430a6cef-dc26-47e3-9fa8-52fb7f
CVE-Watchlists
Login
Unerledigt
Login

Default credentials on the Web Interface of Evolution Controller 2.x allows anyone to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the password. There is no warning or prompt to ask the user to change the default password.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cs-technologies ≫ Evolution Version <= 2.04.560

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.26

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
430a6cef-dc26-47e3-9fa8-52fb7f19644e	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-1392 Use of Default Credentials

The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.

https://directcyber.com.au/sa/CVE-2024-29836-to-29844-evolution-controller-multiple-vulnerabilities.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-29844

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-29844

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-29844

EUVD