← Retour aux CVEs
CVE-2024-29844
CRITICAL9.8
Description
Default credentials on the Web Interface of Evolution Controller 2.x allows anyone to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the password. There is no warning or prompt to ask the user to change the default password.
Details CVE
Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie4/15/2024
Derniere modification12/10/2025
Sourcenvd
Observations honeypot0
Produits affectes
cs-technologies:evolution
Faiblesses (CWE)
CWE-1392
References
https://directcyber.com.au/sa/CVE-2024-29836-to-29844-evolution-controller-multiple-vulnerabilities.html(430a6cef-dc26-47e3-9fa8-52fb7f19644e)
https://directcyber.com.au/sa/CVE-2024-29836-to-29844-evolution-controller-multiple-vulnerabilities.html(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.