CVE-2024-4425

MEDIUM

CemiPark <5.03 - Info Disclosure

Title source: llm

Description

The access control in CemiPark software stores integration (e.g. FTP or SIP) credentials in plain-text. An attacker who gained unauthorized access to the device can retrieve clear text passwords used by the system.This issue affects CemiPark software: 4.5, 4.7, 5.03 and potentially others. The vendor refused to provide the specific range of affected products.

References (3)

[Various Sources] https://cert.pl/en/posts/2024/05/CVE-2024-4423/

[Various Sources] https://cert.pl/posts/2024/05/CVE-2024-4423/

[Various Sources] http://cemi.pl/

Scores

CVSS v3 5.4

EPSS 0.0015

EPSS Percentile 34.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-256

Status published

Products (3)

CEMI Tomasz Pawełek/CemiPark 4.5

CEMI Tomasz Pawełek/CemiPark 4.7

CEMI Tomasz Pawełek/CemiPark 5.03

Published May 14, 2024

Tracked Since Feb 18, 2026