CVE-2024-47784

LOW
Unverified Password Change (CWE-620)
2025-04-30 [email protected]
Authentication Bypass
2.1
CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:X/RE:X/U:X
Attack Vector
Adjacent
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 18:39 vuln.today
CVE Published
Apr 30, 2025 - 19:15 nvd
LOW 2.1

DescriptionNVD

Unverified Password Change for ANC software that allows an authenticated attacker to bypass the old Password check in the password change form via a web HMI This issue affects ANC software version 1.1.4 and earlier.

AnalysisAI

Unverified Password Change for ANC software that allows an authenticated attacker to bypass the old Password check in the password change form via a web HMI1.4 and earlier. Rated low severity (CVSS 2.1). No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-620. Unverified Password Change for ANC software that allows an authenticated attacker to bypass the old Password check in the password change form via a web HMI1.4 and earlier. Version information: version 1.1.4.

Affected ProductsAI

See vendor advisory for affected versions.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2024-47784 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy