CVE-2024-9554

CVSS 3.1 Score 3.7 of 10 (low)

Details

Published Oct 6, 2024
Updated: Oct 7, 2024
CWE ID 639

Summary

CVE-2024-9554 is a vulnerability in the Sovell Smart Canteen System up to version 3.0.7303.30513, in the Password Reset Handler's Check_ET_CheckPwdz201 function in the file suanfa.py. The flaw allows an authorization bypass that can be exploited remotely, though attack complexity is rated high and exploitation appears to be difficult. The vulnerability is classified as low severity, with minimal impact on integrity and no impact on confidentiality or availability. The vendor has not responded to disclosures regarding the issue; organizations using affected products should consider implementing mitigations or updates once available. For further information and potential remediation strategies, refer to the VulDB and GitHub resources associated with this vulnerability.
