CVE-2024-4604107.10.2024, 16:15IoT Haat Smart Plug IH-IN-16A-S v5.16.1 is vulnerable to Authentication Bypass by Capture-replay.EnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST8.8 HIGHADJACENT_NETWORKLOWNONECVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HmitreCNA------CISA-ADPADP8.8 HIGHADJACENT_NETWORKLOWNONECVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HBase ScoreCVSS 3.xEPSS ScorePercentile: 1%Common Weakness EnumerationCWE-294 - Authentication Bypass by Capture-replayA capture-replay flaw exists when the design of the software makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).Referenceshttps://github.com/Anonymous120386/Anonymoushttps://www.iothaat.com/