CVE-2024-5514

MinMax CMS fromMinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management interface. Remote attackers who obtain this account can bypass IP access control restrictions and log in to the backend system without being recorded in the system logs.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
twcertCNA
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
Common Weakness Enumeration
References
https://www.chtsecurity.com/news/2dde8d39-59fc-4c09-b4ad-0acf692321c5
https://www.chtsecurity.com/news/6b2393f5-3041-4011-b2ea-528e312c6b3c
https://www.twcert.org.tw/en/cp-139-7831-b9a46-2.html
https://www.twcert.org.tw/tw/cp-132-7828-c08b8-1.html
https://www.twcert.org.tw/tw/cp-132-7828-c08b8-1.html