← back
CVE-2024-3765

Xiongmai AHB7804R-MH-V2 Sofia Service access control

CVSS 9.8 CRITICALEPSS 1.2%CWE-284
A vulnerability classified as critical was found in Xiongmai AHB7804R-MH-V2, AHB8004T-GL, AHB8008T-GL, AHB7004T-GS-V3, AHB7004T-MHV2, AHB8032F-LME and XM530_R80X30-PQ_8M. Affected by this vulnerability is an unknown functionality of the component Sofia Service. The manipulation with the input ff00000000000000000000000000f103250000007b202252657422203a203130302c202253657373696f6e494422203a202230783022207d0a leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260605 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Xiongmai · AHB7004T-GS-V3Xiongmai · AHB7004T-MHV2Xiongmai · AHB7804R-MH-V2Xiongmai · AHB8004T-GLXiongmai · AHB8008T-GLXiongmai · AHB8032F-LMEXiongmai · XM530_R80X30-PQ_8M
public PoCs found1
cve_referencegithub.com/netsecfish/xiongmai_incorrect_access_control/blob/main/pocCheck3-en.pyunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/netsecfish/xiongmai_incorrect_access_controlhttps://github.com/netsecfish/xiongmai_incorrect_access_control/blob/main/pocCheck3-en.pyhttps://vuldb.com/?ctiid.260605https://vuldb.com/?id.260605https://vuldb.com/?submit.311903