Vulnerabilities > CVE-2024-51561 - Unspecified vulnerability in 63Moons Aero and Wave 2.0

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

63moons

NVD

Published: 2024-11-04

Updated: 2024-11-06

Summary

This vulnerability exists in Aero due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by intercepting and manipulating the responses exchanged during the second factor authentication process. Successful exploitation of this vulnerability could allow the attacker to bypass OTP verification for accessing other user accounts.

Vulnerable Configurations

Part	Description	Count
Application	63Moons 63Moons Aero * 63Moons Wave 2.0 *	2

References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0332