CVE-2024-7755 HIGH

CVE-2024-7755: HMS Networks EWON FLEXY 202 Insufficiently Protected Credentials

Vendor Hms Networks
Product EWON FLEXY 202
Weakness CWE-522 · Insufficiently protected credentials
Published October 17, 2024
Last update October 17, 2024

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N

What the vulnerability does

01Description

The EWON FLEXY 202 transmits credentials using a weak encoding method base64. An attacker who is present in the network can sniff the traffic and decode the credentials.

Key dates

02Disclosure timeline

October 17, 2024 CVE published
October 17, 2024 Record updated