CVE-2024-5743
CRITICALEve Play <= 1.1.42 - Remote Code Execution via Weak Password Hash
Title source: llmDescription
An attacker could exploit the 'Use of Password Hash With Insufficient Computational Effort' vulnerability in EveHome Eve Play to execute arbitrary code. This issue affects Eve Play: through 1.1.42.
References (1)
Core 1
Core References
Various Sources
https://www.evehome.com/en-us/security-content
Scores
CVSS v3
9.8
EPSS
0.0036
EPSS Percentile
27.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-916
Status
published
Products (1)
EveHome/Eve Play
< 1.1.42
Published
Jan 13, 2025
Tracked Since
Feb 18, 2026