CVE-2024-3911

MEDIUM

Welotec SMART EMS and VPN Security Suite <= 3.1.4 - Clickjacking

Title source: llm
STIX 2.1

Description

An unauthenticated remote attacker can deceive users into performing unintended actions due to improper restriction of rendered UI layers or frames. 

References (1)

Scores

CVSS v3 6.5
EPSS 0.0011
EPSS Percentile 29.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-1021
Status published
Products (2)
Welotec/SMART EMS < 3.1.4
Welotec/VPN Security Suite < 3.1.4
Published Apr 23, 2024
Tracked Since Feb 18, 2026