CVE-2024-41796
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Published Apr 8, 2025
CWE ID 620
Summary
CVE-2024-41796: A serious vulnerability has been discovered in the SENTRON 7KT PAC1260 Data Manager, affecting all versions. The device's web interface allows the password to be changed without requiring the current password. An attacker can exploit this weakness in conjunction with a Cross-Site Request Forgery (CSRF) attack (CVE-2024-41795) to set the password to an attacker-chosen value, allowing unauthenticated access to the device.