VYPR
Unrated severityNVD Advisory· Published Jun 12, 2024· Updated Aug 2, 2024

CVE-2024-37038

CVE-2024-37038

Description

CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user with access to the device’s web interface to perform unauthorized file and firmware uploads when crafting custom web requests.

Affected products

6
  • Range: Versions C3414-500-S02K5_P8 and prior
  • Schneider Electric/Sage 1430v5
    Range: Versions C3414-500-S02K5_P8 and prior
  • Schneider Electric/Sage 1450v5
    Range: Versions C3414-500-S02K5_P8 and prior
  • Schneider Electric/Sage 2400v5
    Range: Versions C3414-500-S02K5_P8 and prior
  • Schneider Electric/Sage 3030 Magnumv5
    Range: Versions C3414-500-S02K5_P8 and prior
  • Schneider Electric/Sage 4400v5
    Range: Versions C3414-500-S02K5_P8 and prior

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.