CVE-2024-4225 Vulnerability Details


CVE-2024-4225 Metadata Quick Info

CVE Published: 30/04/2024 | CVE Updated: 09/08/2024 | CVE Year: 2024
Source: GovTech CSG | Vendor: DPS Telecom | Product: NetGuardian DIN Remote Telemetry Unit (RTU)
Status: PUBLISHED

CVE-2024-4225 Description

Multiple security vulnerabilities have been discovered in the web interface of the NetGuardian DIN Remote Telemetry Unit (RTU) by DPS Telecom. Attackers can exploit these vulnerabilities to perform critical actions such as escalating a user's privileges, stealing a user's credentials, Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF).

Metrics

CVSS Version: 3.1 | Base Score: 7.6 HIGH
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

➤ Exploitability Metrics:
    Attack Vector (AV): ADJACENT_NETWORK
    Attack Complexity (AC): LOW
    Privileges Required (PR): LOW
    User Interaction (UI): NONE
    Scope (S): UNCHANGED

➤ Impact Metrics:
    Confidentiality Impact (C): HIGH
    Integrity Impact (I): HIGH
    Availability Impact (A): LOW

Weakness Enumeration (CWE)

CWE-ID: CWE-284
CWE Name: CWE-284 Improper Access Control, CWE-522 Insufficiently Protected Credentials, CWE-79 Improper Neutralization of Input During Web Page Generation
Source: DPS Telecom

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-233
CAPEC Description: CAPEC-233 Privilege Escalation, CAPEC-587 Credentials Exposed through Carelessness or Inadequate Security Practices, CAPEC-87 Stored Cross Site Scripting (XSS), CAPEC-62 Cross-Site Request Forgery (CSRF)


Source: NVD (National Vulnerability Database).