CVE-2024-12757 HIGH

CVE-2024-12757: Nedap Librix Ecoreader Missing Authentication for Critical Function

Vendor Nedap Librix
Product Ecoreader
Weakness CWE-306 · Missing auth
Published January 17, 2025
Last update January 21, 2025

CVSS base score

8.6/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

What the vulnerability does

01Description

Nedap Librix Ecoreader is missing authentication for critical functions that could allow an unauthenticated attacker to potentially execute malicious code.

Key dates

02Disclosure timeline

January 17, 2025 CVE published
January 21, 2025 Record updated