CVE-2024-4225

{"id": "CVE-2024-4225", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve_disclosure@tech.gov.sg", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 2.1}]}, "published": "2024-04-30T07:15:49.107", "references": [{"url": "https://govtech-csg.github.io/security-advisories/2024/04/29/CVE-2024-4225.html", "source": "cve_disclosure@tech.gov.sg"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "cve_disclosure@tech.gov.sg", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "Multiple security vulnerabilities has been discovered in web interface of NetGuardian DIN Remote Telemetry Unit (RTU), by DPS Telecom. Attackers can exploit those security vulnerabilities to perform critical actions such as escalate user's privilege, steal user's credential, Cross Site Scripting (XSS) and Cross-Site Request Forgery (CSRF)."}, {"lang": "es", "value": "DPS Telecom ha descubierto m\u00faltiples vulnerabilidades de seguridad en la interfaz web de la Unidad de Telemetr\u00eda Remota (RTU) DIN NetGuardian. Los atacantes pueden aprovechar esas vulnerabilidades de seguridad para realizar acciones cr\u00edticas como escalar los privilegios del usuario, robar la credencial del usuario, Cross Site Scripting (XSS) y Cross-Site Request Forgery (CSRF)."}], "lastModified": "2024-04-30T13:11:16.690", "sourceIdentifier": "cve_disclosure@tech.gov.sg"}