CVE-2024-0305 MEDIUM

CVE-2024-0305: Guangzhou Yingke Electronic Technology Ncast Guest Login IPSetup.php information disclosure

Vendor Guangzhou Yingke Electronic Technology
Product Ncast
Weakness CWE-200 · Info exposure
Published January 8, 2024
Last update September 4, 2024

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

A vulnerability was found in Guangzhou Yingke Electronic Technology Ncast up to 2017 and classified as problematic. Affected by this issue is some unknown functionality of the file /manage/IPSetup.php of the component Guest Login. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249872.

Key dates

02Disclosure timeline

January 8, 2024 CVE published
September 4, 2024 Record updated