CVE-2024-10381

This vulnerability exists in Matrix Door Controller Cosec Vega FAXQ due to improper implementation of session management at the web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http request on the vulnerable device. Successful exploitation of this vulnerability could allow remote attacker to gain unauthorized access and take complete control of the targeted device.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:matrixcomsec:cosec_vega_faxq_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:matrixcomsec:cosec_vega_faxq:-:*:*:*:*:*:*:*

History

14 Nov 2024, 21:44

Type Values Removed Values Added
References () https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0328 - () https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0328 - Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CPE cpe:2.3:o:matrixcomsec:cosec_vega_faxq_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:matrixcomsec:cosec_vega_faxq:-:*:*:*:*:*:*:*
First Time Matrixcomsec cosec Vega Faxq
Matrixcomsec
Matrixcomsec cosec Vega Faxq Firmware
CWE NVD-CWE-Other

28 Oct 2024, 13:58

Type Values Removed Values Added
Summary
  • (es) Esta vulnerabilidad existe en Matrix Door Controller Cosec Vega FAXQ debido a una implementación incorrecta de la administración de sesiones en la interfaz de administración basada en web. Un atacante remoto podría aprovechar esta vulnerabilidad enviando una solicitud http especialmente manipulada en el dispositivo vulnerable. La explotación exitosa de esta vulnerabilidad podría permitir a un atacante remoto obtener acceso no autorizado y tomar el control total del dispositivo objetivo.

25 Oct 2024, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-25 13:15

Updated : 2024-11-14 21:44


NVD link : CVE-2024-10381

Mitre link : CVE-2024-10381

CVE.ORG link : CVE-2024-10381


JSON object : View

Products Affected

matrixcomsec

  • cosec_vega_faxq
  • cosec_vega_faxq_firmware
CWE
NVD-CWE-Other CWE-288

Authentication Bypass Using an Alternate Path or Channel