CVE-2024-31200

MEDIUM

Unknown - Info Disclosure

Title source: llm

Description

A “CWE-201: Insertion of Sensitive Information Into Sent Data” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext when an administrative session is open in the browser.

References (1)

[Third Party Advisory] https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31200

Scores

CVSS v3 4.2

EPSS 0.0008

EPSS Percentile 23.7%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-201

Status published

Affected Products (1)

proges/sensor_net_connect_firmware_v2

Timeline

Published Jul 31, 2024

Tracked Since Feb 18, 2026