CVE-2024-31200

CVSS 4.2 MEDIUMEPSS 0.2%CWE-201

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 4.2EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

31 Jul 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A “CWE-201: Insertion of Sensitive Information Into Sent Data” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext when an administrative session is open in the browser.

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Plug&Track · Sensor Net Connect V2

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31200