CRITICAL🇵🇱 Wersja polska

CVE-2024-29666

CVSS 9.8v3.1pub. 2024-03-25upd. 2026-04-15

Insecure Permissions vulnerability in Vehicle Monitoring platform system CMSV6 v.7.31.0.2 through v.7.32.0.3 allows a remote attacker to escalate privileges via the default password component.

🤖 AI Analysis
How it works

The vulnerability results from the use of a default password (weak/default password) in the CMSV6 system component. A remote attacker, without possessing any privileges, can exploit this default password to authenticate in the system and obtain elevated privileges. CWE-1393 classification indicates the use of default, weak credentials that were not changed by the manufacturer or administrator.

Impact

An attacker can perform full privilege escalation in the system, gaining access to confidential data and the ability to modify or destroy data on the vehicle monitoring platform. In case of a successful attack, violation of system confidentiality, integrity, and availability is possible.

Mitigation & patch

The default password in the CMSV6 system component must be changed immediately and patches available from the manufacturer should be applied according to references. It is also recommended to restrict network access to the platform's administrative panel and implement a strong password policy.

Who is affected

CMSV6 vehicle monitoring platform in versions from v.7.31.0.2 to v.7.32.0.3.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
References