CVE-2024-24782

MEDIUM

Hima F30/F35/F60 Firmware - Origin Verification Bypass via Ping Request

Title source: llm

Description

An unauthenticated attacker can send a ping request from one network to another through an error in the origin verification even though the ports are separated by VLAN.

References (1)

[Mitigation, Third Party Advisory] https://cert.vde.com/en/advisories/VDE-2024-013

Scores

CVSS v3 4.3

EPSS 0.0003

EPSS Percentile 9.4%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-346

Status published

Products (13)

hima/f-com_01_firmware < 14.12

hima/f-cpu_01_firmware < 14.16

hima/f30_03x_yy_\(com\)_firmware < 24.14

hima/f30_03x_yy_\(cpu\)_firmware < 18.6

hima/f35_03x_yy_\(com\)_firmware < 24.14

hima/f35_03x_yy_\(cpu\)_firmware < 18.6

hima/f60_cpu_03x_yy_\(com\)_firmware < 24.14

hima/f60_cpu_03x_yy_\(cpu\)_firmware < 18.6

hima/x-com_01_e_yy_firmware < 15.14

hima/x-com_01_yy_firmware < 14.12

... and 3 more

Published Feb 13, 2024

Tracked Since Feb 18, 2026