CVE-2024-2412
MEDIUMHeimavista Rpage and Epage - User Registration Bypass
Title source: manualDescription
The disabling function of the user registration page for Heimavista Rpage and Epage is not properly implemented, allowing remote attackers to complete user registration on sites where user registration is supposed to be disabled.
References (1)
Core 1
Core References
Various Sources third-party-advisory
https://www.twcert.org.tw/tw/cp-132-7696-0951f-1.html
Scores
CVSS v3
5.3
EPSS
0.0043
EPSS Percentile
34.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-1220
Status
published
Products (2)
Heimavista/Epage
earlier version - v3.0.106.20231112
Heimavista/Rpage
earlier version - v5.4.103.20231111
Published
Mar 13, 2024
Tracked Since
Feb 18, 2026