CVE-2024-48644
MEDIUM
Reolink Duo 2 WiFi Camera v3.0.0.1889_23031701 - Info Disclosure
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2024-48644. PoCs published by rosembergpro.
AI-analyzed exploit summary: The PoC demonstrates an account enumeration vulnerability in Reolink Duo 2 WiFi Camera (Firmware v3.0.0.1889_23031701) by exploiting differential responses to valid vs. invalid usernames during login attempts. The script automates the process by sending login requests with a list of usernames and analyzing the error messages returned.
Description
An account enumeration vulnerability in the Login Component of Reolink Duo 2 WiFi Camera (Firmware Version v3.0.0.1889_23031701) allows remote attackers to determine valid user accounts via login attempts. This can lead to the enumeration of user accounts and potentially facilitate other attacks, such as brute-forcing of passwords. The vulnerability arises from the application responding differently to login attempts with valid and invalid usernames.
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N