CVE-2024-28288

CRITICAL Year: 2024
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-565
View all →

Vulnerability Description

Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when resetting the password, resulting in an administrator password reset vulnerability. An attacker can use this vulnerability to log in to the device and disrupt the business of the enterprise.

Related Vulnerabilities

CVE-2008-5784

CRITICAL
CVSS:9.8(Critical)

V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.

CWE-5652008

CVE-2017-7279

CRITICAL
CVSS:9.8(Critical)

An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 web server can escalate to root privileges by modifying the "token" cookie issued at login.

CWE-5652017

CVE-2018-20512

CRITICAL
CVSS:9.8(Critical)

EPON CPE-WiFi devices 2.0.4-X000 are vulnerable to escalation of privileges by sending cooLogin=1, cooUser=admin, and timestamp=-1 cookies.

CWE-5652018

CVE-2018-5190

CRITICAL
CVSS:9.8(Critical)

PicturesPro Photo Cart 6 and 7 before Security-Patch-2018-B allows remote attackers to access arbitrary customer accounts via a modified cookie, related to pc_head.php, pc_login.php, and pc_login_page...

CWE-5652018

CVE-2018-5455

CRITICAL
CVSS:9.8(Critical)

A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application allows a cookie parameter to...

CWE-5652018

CVE-2019-7266

CRITICAL
CVSS:9.8(Critical)

Linear eMerge 50P/5000P devices allow Authentication Bypass.

CWE-5652019