Exploitation Summary
CVE-2024-46310 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
Incorrect Access Control in Cfx.re FXServer v9601 and earlier allows unauthenticated users to modify and read arbitrary user data via an exposed API endpoint.
Nuclei Templates (1)
FXServer < v9601 - Information Exposure
MEDIUM, VERIFIED, by s4e-io
References (2)
Core References
Various Sources: http://cfxre.com
Various Sources: https://github.com/PRX5Y/CVE-2024-46310
Scores
CVSS v3: 9.1
EPSS: 0.0239
EPSS Percentile: 81.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: total
Details
CWE: CWE-281
Status: published
Published: Jan 13, 2025
Tracked Since: Feb 18, 2026