CVE-2024-5143

MEDIUM Year: 2024
CVSS v3 Score
6.8
Medium
Weakness Type
CWE-306
View all →

Vulnerability Description

A user with device administrative privileges can change existing SMTP server settings on the device, without having to re-enter SMTP server credentials. By redirecting send-to-email traffic to the new server, the original SMTP server credentials may potentially be exposed.

Related Vulnerabilities

CVE-2017-17746

MEDIUM
CVSS:6.8(Medium)

Weak access control methods on the TP-Link TL-SG108E 1.0.0 allow any user on a NAT network with an authenticated administrator to access the device without entering user credentials. The authenticatio...

CWE-3062017

CVE-2017-8156

MEDIUM
CVSS:6.8(Medium)

The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on the serial port. An attacker can access the serial port on the circuit board...

CWE-3062017

CVE-2019-16258

MEDIUM
CVSS:6.8(Medium)

The bootloader of the homee Brain Cube V2 through 2.23.0 allows attackers with physical access to gain root access by manipulating the U-Boot environment via the CLI after connecting to the internal U...

CWE-3062019

CVE-2020-10263

MEDIUM
CVSS:6.8(Medium)

An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Attackers can get root shell by accessing the UART interface and then they can (i) read Wi-Fi SSID or password, (ii) read the dialogue...

CWE-3062020

CVE-2020-15483

MEDIUM
CVSS:6.8(Medium)

An issue was discovered on Nescomed Multipara Monitor M1000 devices. The physical UART debug port provides a shell, without requiring a password, with complete access.

CWE-3062020

CVE-2020-1813

MEDIUM
CVSS:6.8(Medium)

HUAWEI P30 smart phone with versions earlier than 10.1.0.135(C00E135R2P11) have an improper authentication vulnerability. Due to improper authentication of specific interface, in specific scenario att...

CWE-3062020