9.8
CVE-2024-5514
- EPSS 0.65%
- Veröffentlicht 30.05.2024 03:15:08
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle twcert@cert.org.tw
- CVE-Watchlists
- Unerledigt
MinMax CMS - Hidden Functionality
MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management interface. Remote attackers who obtain this account can bypass IP access control restrictions and log in to the backend system without being recorded in the system logs.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellerminmax
≫
Produkt
minmax
Default Statusaffected
Version
-
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.65% | 0.464 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| twcert@cert.org.tw | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-798 Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.
CWE-912 Hidden Functionality
The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.
https://www.chtsecurity.com/news/2dde8d39-59fc-4c09-b4ad-0acf692321c5
https://www.chtsecurity.com/news/6b2393f5-3041-4011-b2ea-528e312c6b3c
https://www.twcert.org.tw/en/cp-139-7831-b9a46-2.html
https://www.twcert.org.tw/tw/cp-132-7828-c08b8-1.html