CVE-2024-1302

HIGH

Badger Meter Monitool < 4.7 - Exposure of Sensitive Information via File Parameter Manipulation

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-1302. PoCs published by guillermogm4.

AI-analyzed exploit summary: The repository provides a detailed technical analysis of CVE-2024-1302, an incorrect access control vulnerability in Badgermeter moni::tool version 4.6.3. It explains how an unauthenticated attacker can download sensitive log files, including database logs, by exploiting an unauthenticated endpoint.

Description

Information exposure vulnerability in Badger Meter Monitool affecting versions 4.6.3 and earlier. A local attacker could change the application's file parameter to point to a log file, obtaining sensitive information such as database credentials.

Exploits (1)

nomisec WRITEUP
by guillermogm4 · poc
https://github.com/guillermogm4/CVE-2024-1302---Badgermeter-moni-tool-Sensitive-information-exposure

Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Badgermeter moni::tool version 4.6.3
No auth needed
Prerequisites: Network access to the vulnerable moni::tool device
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 7.3
EPSS 0.0049
EPSS Percentile 38.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE CWE-200
Status published
Products (1)
badgermeter/monitool < 4.7
Published Mar 12, 2024
Tracked Since Feb 18, 2026