Search Results | AttackerKB

Show filters

Topics 9 Users 9,711

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

9 Total Results

Displaying 1-9 of 9

Attacker Value

Unknown

CVE-2024-29844

Disclosure Date: April 15, 2024 (last updated September 26, 2024)

Default credentials on the Web Interface of Evolution Controller 2.x allows anyone to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the password. There is no warning or prompt to ask the user to change the default password.

0

Attacker Value

Unknown

CVE-2024-29843

Disclosure Date: April 15, 2024 (last updated April 15, 2024)

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on MOBILE_GET_USERS_LIST, allowing for an unauthenticated attacker to enumerate all users and their access levels

0

Attacker Value

Unknown

CVE-2024-29842

Disclosure Date: April 15, 2024 (last updated April 15, 2024)

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_ABACARD_FIELDS, allowing for an unauthenticated attacker to return the abacard field of any user

0

Attacker Value

Unknown

CVE-2024-29841

Disclosure Date: April 15, 2024 (last updated April 15, 2024)

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_KEYS_FIELDS, allowing for an unauthenticated attacker to return the keys value of any user

0

Attacker Value

Unknown

CVE-2024-29840

Disclosure Date: April 15, 2024 (last updated April 15, 2024)

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_PIN_FIELDS, allowing for an unauthenticated attacker to return the pin value of any user

0

Attacker Value

Unknown

CVE-2024-29839

Disclosure Date: April 15, 2024 (last updated April 15, 2024)

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_CARD, allowing for an unauthenticated attacker to return the card value data of any user

0

Attacker Value

Unknown

CVE-2024-29838

Disclosure Date: April 15, 2024 (last updated April 15, 2024)

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below does not proper sanitize user input, allowing for an unauthenticated attacker to crash the controller software

0

Attacker Value

Unknown

CVE-2024-29837

Disclosure Date: April 15, 2024 (last updated April 15, 2024)

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below uses poor session management, allowing for an unauthenticated attacker to access administrator functionality if any other user is already signed in.

0

Attacker Value

Unknown

CVE-2024-29836

Disclosure Date: April 15, 2024 (last updated April 15, 2024)

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control, allowing for an unauthenticated attacker to update and add user profiles within the application, and gain full access of the site.

0