Cyber Resilience

CVE-2024-54763

Medium

Published: 06 January 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score v3.1: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
EPSS Score: 0.0731 (91.9th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-54763 is a medium-severity vulnerability with an unspecified weakness type. Its CVSS base score is 6.5 (Medium).

Operationally, it ranks in the top 8.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

An access control issue in the /login/hostinfo.cgi component of ipTIME A2004 version 12.17.0 permits unauthenticated retrieval of sensitive information. The flaw is tracked as CVE-2024-54763 with a CVSS 3.1 base score of 6.5, reflecting a network attack vector, low complexity, and no required privileges or user interaction.

Remote attackers can send crafted requests to the affected endpoint and obtain sensitive data without authentication. The reported EPSS score remains flat at 0.0731 with no material increase after disclosure.

The only available references consist of a public GitHub disclosure that details the vulnerability but provides no official vendor advisory, patch information, or mitigation guidance.

EU & UK References

Vulnerability details

An access control issue in the component /login/hostinfo.cgi of ipTIME A2004 v12.17.0 allows attackers to obtain sensitive information without authentication.

CWE(s)
None listed

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References