CVE-2024-54763
Published: 06 January 2025
Summary
CVE-2024-54763 is a medium-severity vulnerability with an unspecified weakness class. Its CVSS base score is 6.5 (Medium).
Operationally, it ranks in the top 8.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
An access control issue in the /login/hostinfo.cgi component of ipTIME A2004 version 12.17.0 permits unauthenticated retrieval of sensitive information. The flaw is tracked as CVE-2024-54763 with a CVSS 3.1 base score of 6.5, reflecting a network attack vector, low complexity, and no required privileges or user interaction.
Remote attackers can send crafted requests to the affected endpoint and obtain sensitive data without authentication. The reported EPSS score remains flat at 0.0731 with no material increase after disclosure.
The only available reference is a public GitHub disclosure, which details the vulnerability but includes no official vendor advisory, patch information, or mitigation guidance.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-52666
Vulnerability details
An access control issue in the component /login/hostinfo.cgi of ipTIME A2004 v12.17.0 allows attackers to obtain sensitive information without authentication.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.