CVE-2024-10381 CRITICAL

CVE-2024-10381: Authentication Bypass Vulnerability in Matrix Door Controller

Vendor Matrix Comsec
Product Matrix Door Controller Cosec Vega FAXQ
Weakness CWE-288
Published October 25, 2024
Last update October 25, 2024

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

What the vulnerability does

01Description

This vulnerability exists in Matrix Door Controller Cosec Vega FAXQ due to improper implementation of session management at the web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http request on the vulnerable device. Successful exploitation of this vulnerability could allow remote attacker to gain unauthorized access and take complete control of the targeted device.

Key dates

02Disclosure timeline

October 25, 2024 CVE published
October 25, 2024 Record updated