How severe is CVE-2024-10173?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2024-10173?

This is classified as CWE-287, which is a common weakness in software security.

CVE-2024-10173 - MEDIUM Severity | CVSS 7.5

Vulnerability Description

A vulnerability has been found in didi DDMQ 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Console Module. The manipulation with the input /;login leads to improper authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2002-2438

HIGH

CVSS:7.5(High)

TCP firewalls could be circumvented by sending a SYN Packets with other flags (like e.g. RST flag) set, which was not correctly discarded by the Linux TCP stack after firewalling.

CWE-2872002

CVE-2009-0130

HIGH

CVSS:7.5(High)

lib/crypto/c_src/crypto_drv.c in erlang does not properly check the return value from the OpenSSL DSA_do_verify function, which might allow remote attackers to bypass validation of the certificate cha...

CWE-2872009

CVE-2011-2054

HIGH

CVSS:7.5(High)

A vulnerability in the Cisco ASA that could allow a remote attacker to successfully authenticate using the Cisco AnyConnect VPN client if the Secondary Authentication type is LDAP and the password is ...

CWE-2872011

CVE-2012-3824

HIGH

CVSS:7.5(High)

In Arial Campaign Enterprise before 11.0.551, multiple pages are accessible without authentication or authorization.

CWE-2872012

CVE-2013-1391

HIGH

CVSS:7.5(High)

Authentication bypass vulnerability in the the web interface in Hunt CCTV, Capture CCTV, Hachi CCTV, NoVus CCTV, and Well-Vision Inc DVR systems allows a remote attacker to retrieve the device configu...

CWE-2872013

CVE-2013-2569

HIGH

CVSS:7.5(High)

A Security Bypass vulnerability exists in Zavio IP Cameras through 1.6.3 because the RTSP protocol authentication is disabled by default, which could let a malicious user obtain unauthorized access to...

CWE-2872013