HIGH🇬🇧 English

CVE-2024-1623

CVSS 7.7v3.1pub. 2024-03-14upd. 2025-01-23

Insufficient session timeout vulnerability in the FAST3686 V2 Vodafone router from Sagemcom. This vulnerability could allow a local attacker to access the administration panel without requiring login credentials. This vulnerability is possible because the 'Login.asp and logout.asp' files do not handle session details correctly.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Sagemcom F\@st 3686

    HW
    Sagemcom
    v2
  • Sagemcom F\@st 3686 Firmware

    OS
    Sagemcom
    < 3.709.2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2025-29329CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w usłudze ippprint routera Sagemcom F@st 3686 umożliwia RCE

CVE-2021-3304CRITICAL9.8ten sam produkt

Sagemcom F@ST 3686 v2 3.495 devices have a buffer overflow via a long sessionKey to the goform/login URI.

CVE-2019-19494HIGH8.8ten sam produkt

Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote...

CVE-2020-21733MEDIUM6.1ten sam produkt

Sagemcom F@ST3686 v1.0 HUN 3.97.0 has XSS via RgDiagnostics.asp, RgDdns.asp, RgFirewallEL.asp, RgVpnL2tpPptp.a...

CVE-2020-24034HIGH8.8ten sam vendor

Sagemcom F@ST 5280 routers using firmware version 1.150.61 have insecure deserialization that allows any authe...

CVE-2024-1623 — HIGH 7.7 | CVEbaza.pl