The EWON FLEXY 202 transmits credentials using a weak encoding method base64. An attacker who is present in the network can sniff the traffic and decode the credentials.
History

Thu, 17 Oct 2024 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 17 Oct 2024 18:30:00 +0000

Type Values Removed Values Added
Description The EWON FLEXY 202 transmits credentials using a weak encoding method base64. An attacker who is present in the network can sniff the traffic and decode the credentials.
Title HMS Networks EWON FLEXY 202 Insufficiently Protected Credentials
Weaknesses CWE-522
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2024-10-17T18:13:52.552Z

Updated: 2024-10-17T19:22:56.932Z

Reserved: 2024-08-13T17:11:14.080Z

Link: CVE-2024-7755

cve-icon Vulnrichment

Updated: 2024-10-17T19:22:52.542Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-10-17T19:15:25.513

Modified: 2024-10-18T12:52:33.507

Link: CVE-2024-7755

cve-icon Redhat

No data.