CVE-2024-29844
Default credentials on web interface of Evolution Controller Versions allow attackers to log in and perform administrative functions
In short
The Evolution Controller 2.x comes with default login credentials that are never changed during installation, allowing anyone to access the server and perform administrative tasks without permission.
Technical detail
The web interface ships with default credentials and does not enforce a mandatory password change on first login or deployment, so anyone who knows the defaults can log in directly to the application interface and gain administrative access.
Summary generated and translated by AI from the official description.
Default credentials on the Web Interface of Evolution Controller 2.x allow anyone to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the password. There is no warning or prompt to ask the user to change the default password.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
CS Technologies Australia · Evolution Controller