CVE-2024-49397
2024-10-17 19:5:0 Author: claroty.com(查看原文) 阅读量:1 收藏

High Threat

CWE-79: IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION('CROSS-SITE SCRIPTING')

The affected product is vulnerable to a cross-site scripting attack which may allow an attacker to bypass authentication and takeover admin accounts.

Successful exploitation of these vulnerabilities could allow an attacker to perform remote code execution, impersonate and send false information, or bypass authentication.

Elvaco has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of affected versions of M-Bus Metering Gateway CMe3100 are invited to contact Elvaco customer support for additional information.


文章来源: https://claroty.com/team82/disclosure-dashboard/cve-2024-49397
如有侵权请联系:admin#unsafe.sh