CVE-2024-29844— Default credentials on web interface of Evolution Controller Versions allows attackers to login and perform administrative functions
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-29844
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Default credentials on web interface of Evolution Controller Versions allows attackers to login and perform administrative functions
Source: NVD (National Vulnerability Database)
Vulnerability Description
Default credentials on the Web Interface of Evolution Controller 2.x allows anyone to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the password. There is no warning or prompt to ask the user to change the default password.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
CWE-1392
Source: NVD (National Vulnerability Database)
Vulnerability Title
DirectCyber Evolution Controller 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
DirectCyber Evolution Controller是DirectCyber公司的一款门禁控制器软件,用于控制器对设施的物理访问。 DirectCyber Evolution Controller 2.x 版本及之前版本存在安全漏洞,该漏洞源于 Web 界面上的默认凭据允许任何人直接登录服务器以执行管理功能。安装或首次登录时,应用程序不会要求用户更改密码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| CS Technologies Australia | Evolution Controller | 2.x | - |
II. Public POCs for CVE-2024-29844
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-29844
请登录查看更多情报信息。
Same Patch Batch · CS Technologies Australia · 2024-04-14 · 9 CVEs total
| CVE-2024-29836 | 9.8 CRITICAL | Broken Authentication on USER_CHANGE in Evolution Controller allows unauthenticated accoun |
| CVE-2024-29837 | 8.8 HIGH | Poor session management in Evolution Controller allows administrator functionality for una |
| CVE-2024-29838 | 7.5 HIGH | Unsanitised variable on DAL_ADD in Evolution Controller causes application level denial of |
| CVE-2024-29839 | 7.5 HIGH | Broken Access control on DESKTOP_EDIT_USER_GET_CARD in Evolution Controller allows unauthe |
| CVE-2024-29840 | 7.5 HIGH | Broken Access control on DESKTOP_EDIT_USER_GET_PIN_FIELDS in Evolution Controller allows u |
| CVE-2024-29841 | 7.5 HIGH | Broken Access control on DESKTOP_EDIT_USER_GET_KEYS_FIELDS in Evolution Controller allows |
| CVE-2024-29842 | 7.5 HIGH | Broken Access control on DESKTOP_EDIT_USER_GET_ABACARD_FIELDS in Evolution Controller allo |
| CVE-2024-29843 | 7.5 HIGH | Broken Access control on MOBILE_GET_USERS_LIST in Evolution Controller allows unauthentica |
IV. Related Vulnerabilities
Same product: Evolution Controller
- CVE-2024-29843
Broken Access control on MOBILE_GET_USERS_LIST in Evolution - CVE-2024-29842
Broken Access control on DESKTOP_EDIT_USER_GET_ABACARD_FIELD - CVE-2024-29841
Broken Access control on DESKTOP_EDIT_USER_GET_KEYS_FIELDS i - CVE-2024-29840
Broken Access control on DESKTOP_EDIT_USER_GET_PIN_FIELDS in - CVE-2024-29839
Broken Access control on DESKTOP_EDIT_USER_GET_CARD in Evolu
Same vendor: CS Technologies Australia
- CVE-2024-29843
Broken Access control on MOBILE_GET_USERS_LIST in Evolution - CVE-2024-29842
Broken Access control on DESKTOP_EDIT_USER_GET_ABACARD_FIELD - CVE-2024-29841
Broken Access control on DESKTOP_EDIT_USER_GET_KEYS_FIELDS i - CVE-2024-29840
Broken Access control on DESKTOP_EDIT_USER_GET_PIN_FIELDS in - CVE-2024-29839
Broken Access control on DESKTOP_EDIT_USER_GET_CARD in Evolu
Same weakness: CWE-1392
V. Comments for CVE-2024-29844
No comments yet