CVE-2024-36523

An access control issue in Wvp GB28181 Pro 2.0 allows users to continue to access information in the application after deleting their own or administrator accounts. This is provided that the users do not log out of their deleted accounts.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/648540858/wvp-GB28181-pro/issues/1456	Exploit Issue Tracking
https://github.com/648540858/wvp-GB28181-pro/issues/1456	Exploit Issue Tracking

Configurations

Configuration 1 (hide)

cpe:2.3:a:wvp-pro:gb28181:2.0:*:*:*:pro:*:*:*

History

13 Jun 2025, 14:46

Type	Values Removed	Values Added
First Time		Wvp-pro Wvp-pro gb28181
CPE		cpe:2.3:a:wvp-pro:gb28181:2.0::::pro:::
References	~~() https://github.com/648540858/wvp-GB28181-pro/issues/1456 -~~	() https://github.com/648540858/wvp-GB28181-pro/issues/1456 - Exploit, Issue Tracking

21 Nov 2024, 09:22

Type	Values Removed	Values Added
References	~~() https://github.com/648540858/wvp-GB28181-pro/issues/1456 -~~	() https://github.com/648540858/wvp-GB28181-pro/issues/1456 -

06 Sep 2024, 17:35

Type	Values Removed	Values Added
CWE		CWE-613
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5

13 Jun 2024, 18:36

Type	Values Removed	Values Added
Summary		(es) Un problema de control de acceso en Wvp GB28181 Pro 2.0 permite a los usuarios continuar accediendo a la información en la aplicación después de eliminar sus propias cuentas o las de administrador. Esto siempre que los usuarios no cierren sesión en sus cuentas eliminadas.

12 Jun 2024, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-12 21:15

Updated : 2025-06-13 14:46

NVD link : CVE-2024-36523

Mitre link : CVE-2024-36523

CVE.ORG link : CVE-2024-36523

JSON object : View

Products Affected

wvp-pro

gb28181

CWE

CWE-613

Insufficient Session Expiration

{"id": "CVE-2024-36523", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-06-12T21:15:50.407", "references": [{"url": "https://github.com/648540858/wvp-GB28181-pro/issues/1456", "tags": ["Exploit", "Issue Tracking"], "source": "cve@mitre.org"}, {"url": "https://github.com/648540858/wvp-GB28181-pro/issues/1456", "tags": ["Exploit", "Issue Tracking"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-613"}]}], "descriptions": [{"lang": "en", "value": "An access control issue in Wvp GB28181 Pro 2.0 allows users to continue to access information in the application after deleting their own or administrator accounts. This is provided that the users do not log out of their deleted accounts."}, {"lang": "es", "value": "Un problema de control de acceso en Wvp GB28181 Pro 2.0 permite a los usuarios continuar accediendo a la informaci\u00f3n en la aplicaci\u00f3n despu\u00e9s de eliminar sus propias cuentas o las de administrador. Esto siempre que los usuarios no cierren sesi\u00f3n en sus cuentas eliminadas."}], "lastModified": "2025-06-13T14:46:07.467", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wvp-pro:gb28181:2.0:*:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "7FDF8D26-D4C5-42FC-A7EA-8D67C4946A38"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

6.5 /10