CVE-2024-36523

An access control issue in Wvp GB28181 Pro 2.0 allows users to continue to access information in the application after deleting their own or administrator accounts. This is provided that the users do not log out of their deleted accounts.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/648540858/wvp-GB28181-pro/issues/1456
https://github.com/648540858/wvp-GB28181-pro/issues/1456

Configurations

No configuration.

History

21 Nov 2024, 09:22

Type	Values Removed	Values Added
References	~~() https://github.com/648540858/wvp-GB28181-pro/issues/1456 -~~	() https://github.com/648540858/wvp-GB28181-pro/issues/1456 -

06 Sep 2024, 17:35

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5
CWE		CWE-613

13 Jun 2024, 18:36

Type	Values Removed	Values Added
Summary		(es) Un problema de control de acceso en Wvp GB28181 Pro 2.0 permite a los usuarios continuar accediendo a la información en la aplicación después de eliminar sus propias cuentas o las de administrador. Esto siempre que los usuarios no cierren sesión en sus cuentas eliminadas.

12 Jun 2024, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-12 21:15

Updated : 2024-11-21 09:22

NVD link : CVE-2024-36523

Mitre link : CVE-2024-36523

CVE.ORG link : CVE-2024-36523

JSON object : View

Products Affected

No product.

CWE

CWE-613

Insufficient Session Expiration

{"id": "CVE-2024-36523", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-06-12T21:15:50.407", "references": [{"url": "https://github.com/648540858/wvp-GB28181-pro/issues/1456", "source": "cve@mitre.org"}, {"url": "https://github.com/648540858/wvp-GB28181-pro/issues/1456", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-613"}]}], "descriptions": [{"lang": "en", "value": "An access control issue in Wvp GB28181 Pro 2.0 allows users to continue to access information in the application after deleting their own or administrator accounts. This is provided that the users do not log out of their deleted accounts."}, {"lang": "es", "value": "Un problema de control de acceso en Wvp GB28181 Pro 2.0 permite a los usuarios continuar accediendo a la informaci\u00f3n en la aplicaci\u00f3n despu\u00e9s de eliminar sus propias cuentas o las de administrador. Esto siempre que los usuarios no cierren sesi\u00f3n en sus cuentas eliminadas."}], "lastModified": "2024-11-21T09:22:19.770", "sourceIdentifier": "cve@mitre.org"}

6.5 /10