High severity8.1NVD Advisory· Published Apr 8, 2024· Updated Apr 15, 2026
CVE-2024-28270
CVE-2024-28270
Description
An issue discovered in web-flash v3.0 allows attackers to reset passwords for arbitrary users via crafted POST request to /prod-api/user/resetPassword.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Patches
Vulnerability mechanics
News mentions
0No linked articles in our index yet.