Description

A “CWE-201: Insertion of Sensitive Information Into Sent Data” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext when an administrative session is open in the browser.

Related CPE's

o

proges

sensor_net_connect_firmware_v2

2.24

Vulnerable

h

proges

sensor_net_connect_v2

-

References

https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31200

Third Party Advisory

Weaknesses

[email protected]

Secondary
CWE-201

[email protected]

Primary
NVD-CWE-Other

CVSS impact metrics

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.2 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2024-07-31T12:15:03.823Z

1 year ago

Last modified

2024-08-12T16:25:44.547Z

1 year ago