CVE-2024-29844

Published Apr 15, 2024

Last updated 2 months ago

CVSS critical 9.8

Overview

Description
Default credentials on the Web Interface of Evolution Controller 2.x allows anyone to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the password. There is no warning or prompt to ask the user to change the default password.
Source
430a6cef-dc26-47e3-9fa8-52fb7f19644e
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

430a6cef-dc26-47e3-9fa8-52fb7f19644e
CWE-1392

Social media

Hype score
Not currently trending

References