CVE-2024-1015 CRITICAL

CVE-2024-1015: Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3

Vendor Se-Elektronic Gmbh
Product E-DDC3.3
Weakness CWE-94 · Code injection
Published January 29, 2024
Last update June 2, 2025

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could send different commands from the operating system to the system via the web configuration functionality of the device.

Key dates

02Disclosure timeline

January 29, 2024 CVE published
June 2, 2025 Record updated