CVE-2024-42051

HIGH Year: 2024
CVSS v3 Score
7.8
High
Weakness Type
CWE-1391
View all →

Vulnerability Description

The MSI installer for Splashtop Streamer for Windows before 3.6.2.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM by replacing InstRegExp.reg.

Related Vulnerabilities

CVE-2025-2229

HIGH
CVSS:7.7(High)

A token is created using the username, current date/time, and a fixed AES-128 encryption key, which is the same across all installations.

CWE-13912025

CVE-2022-3010

HIGH
CVSS:7.5(High)

The Priva TopControl Suite contains predictable credentials for the SSH service, based on the Serial number. Which makes it possible for an attacker to calculate the login credentials for the Priva To...

CWE-13912022

CVE-2024-45272

HIGH
CVSS:7.5(High)

An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost.

CWE-13912024

CVE-2024-45722

HIGH
CVSS:7.5(High)

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses weak credential mechanism that could allow an attacker to easily calculate MQTT credentials.

CWE-13912024

CVE-2024-40892

HIGH
CVSS:7.1(High)

A weak credential vulnerability exists in Firewalla Box Software versions before 1.979. This vulnerability allows a physically close attacker to use the license UUID for authentication and provision S...

CWE-13912024

CVE-2023-48257

HIGH
CVSS:8.8(High)

The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device. The vulnerability can be ex...

CWE-13912023