CVE-2024-5632 MEDIUM

CVE-2024-5632

Vendor Longse Technology
Product NVR3608PGE2W
Weakness CWE-1392
Published July 9, 2024
Last update August 1, 2024

CVSS base score

5.3/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Longse NVR (Network Video Recorder) model NVR3608PGE2W, as well as products based on this device, create a WiFi network with a default password. A user is neither advised to change it during the installation process, nor such a need is described in the manual. As the cameras from the same kit connect automatically, it is very probable for the default password to be left unchanged.

Key dates

02Disclosure timeline

July 9, 2024 CVE published
August 1, 2024 Record updated