ByteOS Network

CVE Vulnerability Details :

CVE-2024-31200

PUBLISHED

More Info Official Page

Assigner-Nozomi

Assigner Org ID-bec8025f-a851-46e5-b3a3-058e6b0aa23c

Published At-31 Jul, 2024 | 13:16

Updated At-31 Jul, 2024 | 14:21

▼CVE Numbering Authority (CNA)

A “CWE-201: Insertion of Sensitive Information Into Sent Data” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext when an administrative session is open in the browser.

Affected Products

Vendor

Plug&Track

Product

Sensor Net Connect V2

Default Status

unknown

Versions

Affected

2.24 (semver)

Problem Types

Type	CWE ID	Description
CWE	CWE-201	CWE-201 Insertion of Sensitive Information Into Sent Data

Metrics

Version	Base score	Base severity	Vector
3.1	4.2	MEDIUM	CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Solutions

No official patch available from vendor. Implement strict access controls for the temperature monitoring infrastructure. This includes preventing regular clients from accessing the web configuration interface, thereby limiting potential points of exploitation. Conduct regular and thorough reviews of logs and user accounts on systems running the Thermoscan IP software. This will help identify and address any suspicious activities early, ensuring that any potential security breaches are caught and remediated swiftly.

Credits

finder

Diego Zaffaroni of Nozomi Networks found this bug during a security research activity.

References

Hyperlink	Resource
https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31200	N/A

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References