Critical severity9.8NVD Advisory· Published Jul 26, 2024· Updated Apr 15, 2026

CVE-2024-40117

Description

Incorrect access control in Solar-Log 1000 before v2.8.2 and build 52- 23.04.2013 allows attackers to obtain Administrative privileges via connecting to the web administration server. Not existing for SL 200, 500, 1000 / fixed in 4.2.8 for SL 250, 300, 1200, 2000, SL 50 Gateway / fixed in 5.1.2 / 6.0.0 for SL Base.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/nepenthe0320/cve_poc/blob/master/CVE-2024-40117nvd
github.com/nepenthe0320/cve_poc/blob/master/Solar-Log%201000%20-%20Incorrect%20Access%20Controlnvd
www.solar-log.com/en/support/firmware-database-1nvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000