Vulnerabilities > CVE-2024-2412

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

CWE-1220

NVD

Published: 2024-03-13

Updated: 2024-10-14

Summary

The disabling function of the user registration page for Heimavista Rpage and Epage is not properly implemented, allowing remote attackers to complete user registration on sites where user registration is supposed to be disabled.

Common Weakness Enumeration (CWE)

CWE-1220 - Insufficient Granularity of Access Control

References

https://www.twcert.org.tw/tw/cp-132-7696-0951f-1.html

Vulnerabilities > CVE-2024-2412 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2024-2412"}]}

Summary

Common Weakness Enumeration (CWE)

References

Vulnerabilities > CVE-2024-2412