How severe is CVE-2024-2641?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2024-2641?

This is classified as CWE-285, which is a common weakness in software security.

CVE-2024-2641 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

A vulnerability was found in Ruijie RG-NBS2009G-P up to 20240305. It has been classified as critical. Affected is an unknown function of the file /system/passwdManage.htm of the component Password Handler. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257280. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2016-5063

MEDIUM

CVSS:5.3(Medium)

The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows might allow remote attackers to bypass authorization checks and make an RPC call via unspecified vector...

CWE-2852016

CVE-2016-7651

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in certain Apple products. iOS before 10.2 is affected. watchOS before 3.1.1 is affected. The issue involves the "Accounts" component, which allows local users to bypass intend...

CWE-2852016

CVE-2016-9938

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_sip...

CWE-2852016

CVE-2018-1113

MEDIUM

CVSS:5.3(Medium)

setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemo...

CWE-2852018

CVE-2018-3778

MEDIUM

CVSS:5.3(Medium)

Improper authorization in aedes version <0.35.0 will publish a LWT in a channel when a client is not authorized.

CWE-2852018

CVE-2018-3829

MEDIUM

CVSS:5.3(Medium)

In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. An attacker with access to the previous run...

CWE-2852018