CVE-2024-37038
EUVD-2024-3640512.06.2024, 17:15
CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user with access to the device’s web interface to perform unauthorized file and firmware uploads when crafting custom web requests.Enginsight
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| schneider_electric | sage_4400 | 𝑥 ≤ c3414-500-s02k5_p8 | ADP |
| schneider_electric | sage_1430 | 𝑥 ≤ c3414-500-s02k5_p8 | ADP |
| schneider_electric | sage_2400 | 𝑥 ≤ c3414-500-s02k5_p8 | ADP |
| schneider_electric | sage_3030m | 𝑥 ≤ c3414-500-s02k5_p8 | ADP |
| schneider_electric | sage_1410 | 𝑥 ≤ c3414-500-s02k5_p8 | ADP |
| schneider_electric | sage_1450 | 𝑥 ≤ c3414-500-s02k5_p8 | ADP |
Common Weakness Enumeration