HIGH🇵🇱 Wersja polska

CVE-2024-29840

CVSS 7.5v3.1pub. 2024-04-15upd. 2025-12-10

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_PIN_FIELDS, allowing for an unauthenticated attacker to return the pin value of any user

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Cs Technologies Evolution

    APP
    Cs-Technologies
    ≤ 2.04.560
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2024-29836CRITICAL9.8PL ✓ten sam produkt

Auth Bypass w Evolution Controller — nieautoryzowane przejęcie kont

CVE-2024-29844CRITICAL9.8PL ✓ten sam produkt

Domyślne dane logowania w Evolution Controller 2.x umożliwiają pełen dostęp administracyjny

CVE-2024-29838HIGH7.5ten sam produkt

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below does not proper sanitize user...

CVE-2024-29839HIGH7.5ten sam produkt

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured ac...

CVE-2024-29841HIGH7.5ten sam produkt

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured ac...