CVE-2024-29844

CRITICAL

Evolution Controller 2.x - Info Disclosure

Title source: llm

Description

Default credentials on the Web Interface of Evolution Controller 2.x allows anyone to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the password. There is no warning or prompt to ask the user to change the default password.

References (1)

[Third Party Advisory] https://directcyber.com.au/sa/CVE-2024-29836-to-29844-evolution-controller-multiple-vulnerabilities.html

Scores

CVSS v3 9.8

EPSS 0.0009

EPSS Percentile 25.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-1392

Status published

Products (1)

cs-technologies/evolution < 2.04.560

Published Apr 15, 2024

Tracked Since Feb 18, 2026