How severe is CVE-2024-0390?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.2 out of 10.

What type of vulnerability is CVE-2024-0390?

This is classified as CWE-798, which is a common weakness in software security.

CVE-2024-0390 - MEDIUM Severity | CVSS 6.2

Vulnerability Description

INPRAX "iZZi connect" application on Android contains hard-coded MQTT queue credentials. The same MQTT queue is used by corresponding physical recuperation devices. Exploiting this vulnerability could potentially allow unauthorized access to manage and read parameters of the recuperation unit "reQnet iZZi".This issue affects "iZZi connect" application versions before 2024010401.

Related Vulnerabilities

CVE-2018-14801

MEDIUM

CVSS:6.2(Medium)

In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password that ...

CWE-7982018

CVE-2019-4220

MEDIUM

CVSS:6.2(Medium)

IBM InfoSphere Information Server 11.7.1.0 stores a common hard coded encryption key that could be used to decrypt sensitive information. IBM X-Force ID: 159229.

CWE-7982019

CVE-2019-5139

MEDIUM

CVSS:6.2(Medium)

An exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryptio...

CWE-7982019

CVE-2020-4932

MEDIUM

CVSS:6.2(Medium)

IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, o...

CWE-7982020

CVE-2024-27159

MEDIUM

CVSS:6.2(Medium)

All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An attacker can decrypt the encrypted files using the hardcoded key. This vulnerability can be executed in...

CWE-7982024

CVE-2024-27160

MEDIUM

CVSS:6.2(Medium)

CWE-7982024