CVE-2024-28275

MEDIUM

Puwell Cloud Tech Co, Ltd 360Eyes Pro <3.9.5.16 - Info Disclosure

Title source: llm

Description

Puwell Cloud Tech Co, Ltd 360Eyes Pro v3.9.5.16(3090516) was discovered to transmit sensitive information in cleartext. This vulnerability allows attackers to intercept and access sensitive information, including users' credentials and password change requests.

References (2)

[Various Sources] https://paste.sr.ht/~edaigle/0b4a037fbd3166c8c72fee18efaa7decaf75b0ab

[Various Sources] https://paste.sr.ht/~edaigle/c9637d682b65e6501efb1324bba7787a2f775ff4

Scores

CVSS v3 6.5

EPSS 0.0010

EPSS Percentile 27.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-319

Status published

Published Apr 03, 2024

Tracked Since Feb 18, 2026