Progauge Maglink Lx Console Firmware
CVE-2024-45373
HIGH
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (hq) · only source for this CVE.
CVSS VectorVendor: hq
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
Once logged in to ProGauge MAGLINK LX4 CONSOLE, a valid user can change their privileges to administrator.
AnalysisAI
Once logged in to ProGauge MAGLINK LX4 CONSOLE, a valid user can change their privileges to administrator. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Improper Privilege Management (CWE-269), which allows attackers to escalate privileges to gain unauthorized elevated access. Once logged in to ProGauge MAGLINK LX4 CONSOLE, a valid user can change their privileges to administrator. Affected products include: Doverfuelingsolutions Progauge Maglink Lx Console Firmware, Doverfuelingsolutions Progauge Maglink Lx4 Console Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply principle of least privilege, validate privilege transitions, implement proper role separation.
A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject ar
A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inje
An attacker can directly request the ProGauge MAGLINK LX CONSOLE resource sub page with full privileges by requesting th
The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that
ProGauge MAGLINK LX CONSOLE does not have sufficient filtering on input fields that are used to render pages which may a
Same weakness CWE-269 – Improper Privilege Management
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today