CVE-2024-5743

Critical

Published: 13 January 2025

Published

13 January 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0010 27.8th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-5743 is a critical-severity Use of Password Hash With Insufficient Computational Effort (CWE-916) vulnerability in Evehome (inferred from references). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 27.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

preventrecover

Directly mitigates the CVE by requiring identification, reporting, and timely correction of the weak password hashing flaw enabling arbitrary code execution.

IA-5 Authenticator Management good match

prevent

Ensures authenticators, including password hashes, have sufficient strength and computational effort to resist cracking and prevent exploitation leading to RCE.

SI-5 Security Alerts, Advisories, and Directives partial match

detectrespond

Mandates monitoring vendor security advisories for this CVE to disseminate alerts and take corrective actions like patching.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Remote unauthenticated RCE on network-exposed device directly enables T1190 (Exploit Public-Facing Application).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

An attacker could exploit the 'Use of Password Hash With Insufficient Computational Effort' vulnerability in EveHome Eve Play to execute arbitrary code. This issue affects Eve Play: through 1.1.42.

Deeper analysisAI

CVE-2024-5743 is a critical vulnerability (CVSS 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) classified under CWE-916, "Use of Password Hash With Insufficient Computational Effort," affecting the EveHome Eve Play device. This flaw allows an attacker to execute arbitrary code and impacts versions through 1.1.42.

A remote attacker can exploit this vulnerability over the network with low attack complexity, requiring no privileges, authentication, or user interaction. Successful exploitation enables arbitrary code execution, resulting in high impacts to confidentiality, integrity, and availability on the affected Eve Play device.

The vendor provides details on mitigation in their security advisory at https://www.evehome.com/en-us/security-content.

Details

CWE(s): CWE-916

Affected Products

Evehome

—

inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2026-30789Shared CWE-916

CVE-2025-2265Shared CWE-916

CVE-2026-30790Shared CWE-916

References

https://www.evehome.com/en-us/security-content
cybersecurity@ch.abb.com