Back to CVE List

CVE-2024-14034

CRITICAL SEVERITY

CVSS Score & Metrics

Base Score
9.8 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Description

Hirschmann HiEOS devices versions prior to 01.1.00 contain an authentication bypass vulnerability in the HTTP(S) management module that allows unauthenticated remote attackers to gain administrative access by sending specially crafted HTTP(S) requests. Attackers can exploit improper authentication handling to obtain elevated privileges and perform unauthorized actions including configuration download or upload and firmware modification.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-287
Source
NVD
Vendor
Belden
Product
Hirschmann HiEOS LRS11

External References

Discussion (0)

Add Comment

No comments yet. Be the first!