CVE-2024-33471

HIGH Year: 2024
CVSS v3 Score
7.2
High
Weakness Type
CWE-312
View all →

Vulnerability Description

An issue in the Sensor Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to SMTP credentials in plaintext via a crafted AJAX request. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Related Vulnerabilities

CVE-2009-5068

HIGH
CVSS:7.2(High)

There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. On some configurations a SMF deployment is shared by several "co-admins" that are not trusted...

CWE-3122009

CVE-2018-10871

HIGH
CVSS:7.2(High)

389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores ...

CWE-3122018

CVE-2018-19981

HIGH
CVSS:7.2(High)

Amazon AWS SDK <=2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS Temporary Credentials retrieved by AWS Cognito Identity Service. An attacker can use these credentials to ...

CWE-3122018

CVE-2019-3753

HIGH
CVSS:7.2(High)

Dell EMC PowerConnect 8024, 7000, M6348, M6220, M8024 and M8024-K running firmware versions prior to 5.1.15.2 contain a plain-text password storage vulnerability. TACACS\Radius credentials are stored ...

CWE-3122019

CVE-2019-6549

HIGH
CVSS:7.2(High)

An attacker could retrieve plain-text credentials stored in a XML file on PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) through FTP.

CWE-3122019

CVE-2020-29001

HIGH
CVSS:7.2(High)

An issue was discovered on Geeni GNC-CW028 Camera 2.7.2, Geeni GNC-CW025 Doorbell 2.9.5, Merkury MI-CW024 Doorbell 2.9.6, and Merkury MI-CW017 Camera 2.9.6 devices. A vulnerability exists in the RESTf...

CWE-3122020