A “CWE-201: Insertion of Sensitive Information Into Sent Data” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext when an administrative session is open in the browser.
References
Link | Resource |
---|---|
https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31200 | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
12 Aug 2024, 18:25
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-Other | |
References | () https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31200 - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.6 |
CPE | cpe:2.3:o:proges:sensor_net_connect_firmware_v2:2.24:*:*:*:*:*:*:* cpe:2.3:h:proges:sensor_net_connect_v2:-:*:*:*:*:*:*:* |
|
First Time |
Proges sensor Net Connect V2
Proges Proges sensor Net Connect Firmware V2 |
01 Aug 2024, 12:42
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
31 Jul 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-31 14:15
Updated : 2024-08-12 18:25
NVD link : CVE-2024-31200
Mitre link : CVE-2024-31200
CVE.ORG link : CVE-2024-31200
JSON object : View
Products Affected
proges
- sensor_net_connect_firmware_v2
- sensor_net_connect_v2
CWE