CVE-2024-24782

MEDIUM

Hima F30/F35/F60 Firmware - Origin Verification Bypass via Ping Request

Title source: llm

Description

An unauthenticated attacker can send a ping request from one network to another through an error in the origin verification even though the ports are separated by VLAN.

References (1)

[Mitigation, Third Party Advisory] https://cert.vde.com/en/advisories/VDE-2024-013

Scores

CVSS v3 4.3

EPSS 0.0003

EPSS Percentile 9.2%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-346

Status published

Affected Products (13)

hima/f30_03x_yy_\(com\)_firmware < 24.14

hima/f30_03x_yy_\(cpu\)_firmware < 18.6

hima/f35_03x_yy_\(com\)_firmware < 24.14

hima/f35_03x_yy_\(cpu\)_firmware < 18.6

hima/f60_cpu_03x_yy_\(com\)_firmware < 24.14

hima/f60_cpu_03x_yy_\(cpu\)_firmware < 18.6

hima/f-com_01_firmware < 14.12

hima/f-cpu_01_firmware < 14.16

hima/x-com_01_e_yy_firmware < 15.14

hima/x-com_01_yy_firmware < 14.12

hima/x-cpu_01_firmware < 14.16

hima/x-cpu_31_firmware < 14.16

hima/x-sb_01_firmware < 7.54

Timeline

Published Feb 13, 2024

Tracked Since Feb 18, 2026