CVE-2024-47146

EPSS 0.28%
Veröffentlicht 06.12.2024 19:15:12
Zuletzt bearbeitet 10.12.2024 19:45:51
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

Ruijie Reyee OS Resource Leak

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to obtain the devices serial number if physically adjacent and sniffing the RAW WIFI signal.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ruijienetworks ≫ Reyee Os Version >= 2.206.0 < 2.320.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.28%	0.191

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
ics-cert@hq.dhs.gov	7.1	0	0	CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
ics-cert@hq.dhs.gov	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-402 Transmission of Private Resources into a New Sphere ('Resource Leak')

The product makes resources available to untrusted parties when those resources are only intended to be accessed by the product.

https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-01

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2024-47146

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-47146

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-47146

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-47146