CVE-2024-24300
CRITICAL
4ipnet EAP-767 v3.42.00 - Improper Access Control via Static Session Cookie
Title source: llm
Description
4ipnet EAP-767 v3.42.00 is vulnerable to Incorrect Access Control. The device uses the same set of credentials: regardless of how many times a user logs in, the content of the cookie remains unchanged.
References (1)
Core 1
Core References
Exploit, Third Party Advisory
https://github.com/yckuo-sdc/PoC
Scores
CVSS v3: 9.8
EPSS: 0.0077
EPSS Percentile: 50.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: total
Details
CWE: CWE-284
Status: published
Products (1): 4ipnet/eap-767_firmware 3.42.00
Published: Feb 14, 2024
Tracked Since: Feb 18, 2026