CVE-2024-31200

A CWE-201: Insertion of Sensitive Information Into Sent Data affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext when an administrative session is open in the browser.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.2 MEDIUM
PHYSICAL
HIGH
NONE
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
NozomiCNA
4.2 MEDIUM
PHYSICAL
HIGH
NONE
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
VendorProductVersion
progessensor_net_connect_firmware_v2
2.24
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31200