CVE-2024-24279

HIGH Year: 2024
CVSS v3 Score
8.8
High
Weakness Type
CWE-261
View all →

Vulnerability Description

An issue in secdiskapp 1.5.1 (management program for NewQ Fingerprint Encryption Super Speed Flash Disk) allows attackers to gain escalated privileges via vsVerifyPassword and vsSetFingerPrintPower functions.

Related Vulnerabilities

CVE-2024-28270

HIGH
CVSS:8.1(High)

An issue discovered in web-flash v3.0 allows attackers to reset passwords for arbitrary users via crafted POST request to /prod-api/user/resetPassword.

CWE-2612024

CVE-2017-7905

CRITICAL
CVSS:9.8(Critical)

A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmwa...

CWE-2612017

CVE-2020-10275

CRITICAL
CVSS:9.8(Critical)

The access tokens for the REST API are directly derived from the publicly available default credentials for the web interface. Given a USERNAME and a PASSWORD, the token string is generated directly w...

CWE-2612020

CVE-2021-21507

CRITICAL
CVSS:9.8(Critical)

Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Password Encryption Vulnerability. A remote...

CWE-2612021

CVE-2020-14481

HIGH
CVSS:7.8(High)

The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows ...

CWE-2612020

CVE-2022-45099

HIGH
CVSS:7.8(High)

Dell PowerScale OneFS, versions 8.2.x-9.4.x, contain a weak encoding for a NDMP password. A malicious and privileged local attacker could potentially exploit this vulnerability, leading to a full syst...

CWE-2612022