CVE-2024-1623

HIGH Year: 2024
CVSS v3 Score
7.8
High
Weakness Type
CWE-613
View all →

Vulnerability Description

Insufficient session timeout vulnerability in the FAST3686 V2 Vodafone router from Sagemcom. This vulnerability could allow a local attacker to access the administration panel without requiring login credentials. This vulnerability is possible because the 'Login.asp and logout.asp' files do not handle session details correctly.

Related Vulnerabilities

CVE-2025-1968

HIGH
CVSS:7.7(High)

Insufficient Session Expiration vulnerability in Progress Software Corporation Sitefinity under some specific and uncommon circumstances allows reusing Session IDs (Session Replay Attacks).This issue ...

CWE-6132025

CVE-2018-10990

HIGH
CVSS:8.0(High)

On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not immediately destroy all state on the device related to the validity of the "credential" cookie, which might ma...

CWE-6132018

CVE-2021-25940

HIGH
CVSS:8.0(High)

In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insufficient Session Expiration. When a user’s password is changed by the administrator, the session isn’t invalidated, allowing a malicio...

CWE-6132021

CVE-2022-33137

HIGH
CVSS:8.0(High)

A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMAT...

CWE-6132022

CVE-2023-5865

HIGH
CVSS:7.6(High)

Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2.

CWE-6132023

CVE-2024-25628

HIGH
CVSS:7.6(High)

Alf.io is a free and open source event attendance management system. In versions prior to 2.0-M4-2402 users can access the admin area even after being invalidated/deleted. This issue has been addresse...

CWE-6132024