Unrated severityNVD Advisory· Published Jun 12, 2024· Updated Aug 2, 2024
CVE-2024-37038
CVE-2024-37038
Description
CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user with access to the device’s web interface to perform unauthorized file and firmware uploads when crafting custom web requests.
Affected products
6- Range: Versions C3414-500-S02K5_P8 and prior
- Schneider Electric/Sage 1430v5Range: Versions C3414-500-S02K5_P8 and prior
- Schneider Electric/Sage 1450v5Range: Versions C3414-500-S02K5_P8 and prior
- Schneider Electric/Sage 2400v5Range: Versions C3414-500-S02K5_P8 and prior
- Schneider Electric/Sage 3030 Magnumv5Range: Versions C3414-500-S02K5_P8 and prior
- Schneider Electric/Sage 4400v5Range: Versions C3414-500-S02K5_P8 and prior
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.