CVE-2024-30802

CRITICAL

Vehicle Management System <7.31.0.3 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-30802. PoCs published by WarmBrew.

AI-analyzed exploit summary The repository contains detailed technical writeups for multiple CVEs, including CVE-2024-30802, which describes a default password vulnerability in the Vehicle Management System. It includes HTTP request examples and screenshots demonstrating the exploitation process.

Description

An issue in Vehicle Management System 7.31.0.3_20230412 allows an attacker to escalate privileges via the login.html component.

Exploits (1)

github WRITEUP 3 stars

by WarmBrew · poc

https://github.com/WarmBrew/web_vul/tree/main/CVE-2024-30802.md

View Code ZIP pw:eip

The repository contains detailed technical writeups for multiple CVEs, including CVE-2024-30802, which describes a default password vulnerability in the Vehicle Management System. It includes HTTP request examples and screenshots demonstrating the exploitation process.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Vehicle Management System <7.30

No auth needed

Prerequisites: Access to the login interface

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1078 - Valid Accounts

devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (2)

Core 2

Core References

Various Sources

https://github.com/WarmBrew/web_vul/blob/main/CVES/CVE-2024-30802.md

View Writeup ZIP pw:eip

Various Sources

https://github.com/WarmBrew/web_vul/blob/main/TTX.md

Scores

CVSS v3 9.8

EPSS 0.0052

EPSS Percentile 39.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-1393

Status published

Published May 14, 2024

Tracked Since Feb 18, 2026