CVE-2024-3765
Severity CVSS v4.0:
Pending analysis
Type:
CWE-284
Improper Access Control
Publication date:
14/04/2024
Last modified:
15/04/2026
Description
A vulnerability classified as critical was found in Xiongmai AHB7804R-MH-V2, AHB8004T-GL, AHB8008T-GL, AHB7004T-GS-V3, AHB7004T-MHV2, AHB8032F-LME and XM530_R80X30-PQ_8M. Affected by this vulnerability is an unknown functionality of the component Sofia Service. The manipulation with the input ff00000000000000000000000000f103250000007b202252657422203a203130302c202253657373696f6e494422203a202230783022207d0a leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260605 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
10.00
Severity 2.0
HIGH
References to Advisories, Solutions, and Tools
- https://github.com/netsecfish/xiongmai_incorrect_access_control
- https://github.com/netsecfish/xiongmai_incorrect_access_control/blob/main/pocCheck3-en.py
- https://vuldb.com/?ctiid.260605
- https://vuldb.com/?id.260605
- https://vuldb.com/?submit.311903
- https://github.com/netsecfish/xiongmai_incorrect_access_control
- https://github.com/netsecfish/xiongmai_incorrect_access_control/blob/main/pocCheck3-en.py
- https://vuldb.com/?ctiid.260605
- https://vuldb.com/?id.260605
- https://vuldb.com/?submit.311903