CVE-2024-4225

Severity CVSS v4.0:

Pending analysis

Type:

CWE-284 Improper Access Control

Publication date:

30/04/2024

Last modified:

30/04/2024

Description

Multiple security vulnerabilities has been discovered in web interface of NetGuardian DIN Remote Telemetry Unit (RTU), by DPS Telecom. Attackers can exploit those security vulnerabilities to perform critical actions such as escalate user&#39;s privilege, steal user&#39;s credential, Cross Site Scripting (XSS) and Cross-Site Request Forgery (CSRF).

Impact

Vector 3.x

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L CVSS v3.1 Severity and Metrics:

Base Score: 7.60 HIGH
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Attack Vector (AV): Adjacent
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): Low

Base Score 3.x

7.60

Severity 3.x

HIGH

References to Advisories, Solutions, and Tools

https://govtech-csg.github.io/security-advisories/2024/04/29/CVE-2024-4225.html