CVE-2024-24300

4ipnet EAP-767 v3.42.00 is vulnerable to Incorrect Access Control. The device uses the same set of credentials: regardless of how many times a user logs in, the content of the cookie remains unchanged.
References
Link Resource
https://github.com/yckuo-sdc/PoC Third Party Advisory Exploit
Configurations

Configuration 1

AND
cpe:2.3:o:4ipnet:eap-767_firmware:3.42.00:*:*:*:*:*:*:*
cpe:2.3:h:4ipnet:eap-767:*:*:*:*:*:*:*:*

History

25 Mar 2025, 15:18

Type Values Removed Values Added
First Time 4ipnet eap-767 Firmware
4ipnet eap-767
4ipnet
References () https://github.com/yckuo-sdc/PoC - () https://github.com/yckuo-sdc/PoC - Third Party Advisory, Exploit
CPE cpe:2.3:o:4ipnet:eap-767_firmware:3.42.00:*:*:*:*:*:*:*
cpe:2.3:h:4ipnet:eap-767:*:*:*:*:*:*:*:*

21 Nov 2024, 08:59

Type Values Removed Values Added
References () https://github.com/yckuo-sdc/PoC - () https://github.com/yckuo-sdc/PoC -

16 Aug 2024, 19:35

Type Values Removed Values Added
CVSS (values removed) v2 : unknown, v3 : unknown
CVSS (values added) v2 : unknown, v3 : 9.8
CWE CWE-284
Summary
  • (es) 4ipnet EAP-767 v3.42.00 is vulnerable to incorrect access control. The device uses the same set of credentials; regardless of how many times a user logs in, the content of the cookie remains unchanged.

14 Feb 2024, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-14 23:15

Updated : 2025-03-25 15:18


NVD link : CVE-2024-24300

Mitre link : CVE-2024-24300

CVE.ORG link : CVE-2024-24300


Products Affected

4ipnet

  • eap-767
  • eap-767_firmware
CWE
CWE-284

Improper Access Control