CVE-2024-29666

CVSS 9.8 CRITICAL · EPSS 0.7% · CWE-1393
In short

The Vehicle Monitoring platform CMSV6 uses default passwords that allow anyone with network access to gain unauthorized admin privileges. This is critical because attackers can take full control of the system without needing legitimate credentials.

Technical detail

An unauthenticated remote attacker can escalate privileges by exploiting default credentials in CMSV6 versions 7.31.0.2 through 7.32.0.3. The vulnerability stems from insecure permission configuration allowing default password authentication; successful exploitation grants full system access and control over vehicle monitoring functionality.

Summary generated and translated by AI from the official description.
Insecure Permissions vulnerability in Vehicle Monitoring platform system CMSV6 v.7.31.0.2 through v.7.32.0.3 allows a remote attacker to escalate privileges via the default password component.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a