CVE-2024-40117

Incorrect access control in Solar-Log 1000 before v2.8.2 and build 52- 23.04.2013 allows attackers to obtain Administrative privileges via connecting to the web administration server. Not existing for SL 200, 500, 1000 / fixed in 4.2.8 for SL 250, 300, 1200, 2000, SL 50 Gateway / fixed in 5.1.2 / 6.0.0 for SL Base.
Configurations

No configuration.

History

21 Nov 2024, 09:30

Type Values Removed Values Added
References () https://github.com/nepenthe0320/cve_poc/blob/master/CVE-2024-40117 - () https://github.com/nepenthe0320/cve_poc/blob/master/CVE-2024-40117 -
References () https://github.com/nepenthe0320/cve_poc/blob/master/Solar-Log%201000%20-%20Incorrect%20Access%20Control - () https://github.com/nepenthe0320/cve_poc/blob/master/Solar-Log%201000%20-%20Incorrect%20Access%20Control -

11 Nov 2024, 23:15

Type Values Removed Values Added
References
  • () https://www.solar-log.com/en/support/firmware-database-1 -
Summary (en) Incorrect access control in Solar-Log 1000 before v2.8.2 and build 52- 23.04.2013 allows attackers to obtain Administrative privileges via connecting to the web administration server. (en) Incorrect access control in Solar-Log 1000 before v2.8.2 and build 52- 23.04.2013 allows attackers to obtain Administrative privileges via connecting to the web administration server. Not existing for SL 200, 500, 1000 / fixed in 4.2.8 for SL 250, 300, 1200, 2000, SL 50 Gateway / fixed in 5.1.2 / 6.0.0 for SL Base.

01 Aug 2024, 13:56

Type Values Removed Values Added
CVSS
  • Removed: v2 : unknown, v3 : unknown
  • Added: v2 : unknown, v3 : 9.8
CWE CWE-284

29 Jul 2024, 14:12

Type Values Removed Values Added
Summary
  • (es) El control de acceso incorrecto en Solar-Log 1000 anterior a v2.8.2 y compilación 52-23.04.2013 permite a los atacantes obtener privilegios administrativos mediante la conexión al servidor de administración web.

26 Jul 2024, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-26 20:15

Updated : 2024-11-21 09:30


NVD link : CVE-2024-40117

Mitre link : CVE-2024-40117

CVE.ORG link : CVE-2024-40117


Products Affected

No product.

CWE
CWE-284

Improper Access Control