Skip to main content

Brute Force CVE-2024-29208

LOW
Weak Password Requirements (CWE-521)
2024-05-07 support@hackerone.com
2.2
CVSS 3.0 · Vendor: hackerone

Severity by source

Vendor (hackerone) PRIMARY
2.2 LOW
AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N

Primary rating from Vendor (hackerone) · only source for this CVE.

CVSS VectorVendor: hackerone

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
May 07, 2024 - 17:15 cve.org
LOW 2.2

DescriptionCVE.org

An Unverified Password Change could allow a malicious actor with API access to the device to change the system password without knowing the previous password.

Affected Products:

UniFi Connect EV Station (Version 1.1.18 and earlier)

UniFi Connect EV Station Pro (Version 1.1.18 and earlier)

UniFi Connect Display (Version 1.9.324 and earlier)

UniFi Connect Display Cast (Version 1.6.225 and earlier)

Mitigation:

Update UniFi Connect Application to Version 3.10.7 or later.

Update UniFi Connect EV Station to Version 1.2.15 or later.

Update UniFi Connect EV Station Pro to Version 1.2.15 or later.

Update UniFi Connect Display to Version 1.11.348 or later.

Update UniFi Connect Display Cast to Version 1.8.255 or later.

AnalysisAI

An Unverified Password Change could allow a malicious actor with API access to the device to change the system password without knowing the previous password. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-521. An Unverified Password Change could allow a malicious actor with API access to the device to change the system password without knowing the previous password. Affected Products: UniFi Connect EV Station (Version 1.1.18 and earlier) UniFi Connect EV Station Pro (Version 1.1.18 and earlier) UniFi Connect Display (Version 1.9.324 and earlier) UniFi Connect Display Cast (Version 1.6.225 and earlier) Mitigation: Update UniFi Connect Application to Version 3.10.7 or later. Update UniFi Connect EV Station to Version 1.2.15 or later. Update UniFi Connect EV Station Pro to Version 1.2.15 or later. Update UniFi Connect Display to Version 1.11.348 or later. Update UniFi Connect Display Cast to Version 1.8.255 or later. Version information: Version 1.1.18.

Affected ProductsAI

See vendor advisory for affected versions.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2012-2441 HIGH POC
8.5 Apr 28

RuggedCom Rugged Operating System (ROS) before 3.3 has a factory account with a password derived from the MAC Address fi

CVE-2024-42850 CRITICAL POC
9.8 Aug 16

An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity

CVE-2025-28200 CRITICAL POC
9.8 May 09

Victure RX1800 EN_V1.0.0_r12_110933 was discovered to utilize a weak default password which includes the last 8 digits o

CVE-2025-28389 CRITICAL POC
9.8 Jun 13

Critical authentication bypass vulnerability in OpenC3 COSMOS v6.0.0 caused by weak password requirements that enable br

CVE-2025-63747 CRITICAL POC
9.8 Nov 17

QaTraq 6.9.2 ships with administrative account credentials which are enabled in default installations and permit immedia

CVE-2023-37756 CRITICAL POC
9.8 Sep 14

I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator account creatio

CVE-2023-2160 CRITICAL POC
9.8 Apr 18

Weak Password Requirements in GitHub repository modoboa/modoboa prior to 2.1.0. Rated critical severity (CVSS 9.8), this

CVE-2023-2106 CRITICAL POC
9.8 Apr 15

Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20. Rated critical severity (CVSS 9.8)

CVE-2023-1753 CRITICAL POC
9.8 Mar 31

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12. Rated critical severity (CVSS 9.8), t

CVE-2022-44236 CRITICAL POC
9.8 Dec 15

Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 8.5.0.17807 (20181130-16:12) has a Weak password vulnerability. R

CVE-2022-3754 CRITICAL POC
9.8 Oct 29

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8. Rated critical severity (CVSS 9.8), th

CVE-2022-3268 CRITICAL POC
9.8 Sep 22

Weak Password Requirements in GitHub repository ikus060/minarca prior to 4.2.2. Rated critical severity (CVSS 9.8), this

Share

CVE-2024-29208 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy