CVE-2024-31200

A “CWE-201: Insertion of Sensitive Information Into Sent Data” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext when an administrative session is open in the browser.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:proges:sensor_net_connect_firmware_v2:2.24:*:*:*:*:*:*:*
cpe:2.3:h:proges:sensor_net_connect_v2:-:*:*:*:*:*:*:*

History

12 Aug 2024, 18:25

Type Values Removed Values Added
CWE NVD-CWE-Other
References () https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31200 - () https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31200 - Third Party Advisory
CVSS v2 : unknown
v3 : 4.2
v2 : unknown
v3 : 4.6
CPE cpe:2.3:o:proges:sensor_net_connect_firmware_v2:2.24:*:*:*:*:*:*:*
cpe:2.3:h:proges:sensor_net_connect_v2:-:*:*:*:*:*:*:*
First Time Proges sensor Net Connect V2
Proges
Proges sensor Net Connect Firmware V2

01 Aug 2024, 12:42

Type Values Removed Values Added
Summary
  • (es) Un “CWE-201: Inserción de información confidencial en datos enviados” que afecta la cuenta administrativa permite a un atacante con acceso físico a la máquina recuperar la contraseña en texto plano cuando se abre una sesión administrativa en el navegador.

31 Jul 2024, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-31 14:15

Updated : 2024-08-12 18:25


NVD link : CVE-2024-31200

Mitre link : CVE-2024-31200

CVE.ORG link : CVE-2024-31200


JSON object : View

Products Affected

proges

  • sensor_net_connect_firmware_v2
  • sensor_net_connect_v2
CWE
NVD-CWE-Other CWE-201

Insertion of Sensitive Information Into Sent Data