CVE-2024-2412

MEDIUM

Heimavista - RCE

Title source: llm

Description

The disabling function of the user registration page for Heimavista Rpage and Epage is not properly implemented, allowing remote attackers to complete user registration on sites where user registration is supposed to be disabled.

References (1)

[Various Sources] https://www.twcert.org.tw/tw/cp-132-7696-0951f-1.html

Scores

CVSS v3 5.3

EPSS 0.0021

EPSS Percentile 42.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-1220

Status published

Products (2)

Heimavista/Epage earlier version - v3.0.106.20231112

Heimavista/Rpage earlier version - v5.4.103.20231111

Published Mar 13, 2024

Tracked Since Feb 18, 2026