CVE-2024-7898

MEDIUM Year: 2024
CVSS v3 Score
9.8
Critical
CVSS v2 Score
7.5
High
Weakness Type
CWE-1392
View all →

Vulnerability Description

A vulnerability classified as critical was found in Tosei Online Store Management System ネット店舗管理システム 4.02/4.03/4.04. This vulnerability affects unknown code of the component Backend. The manipulation leads to use of default credentials. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2023-30603

CRITICAL
CVSS:9.8(Critical)

Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is no warning or prompt to ask users to change the default password and account. An unauthenticated remot...

CWE-13922023

CVE-2023-30801

CRITICAL
CVSS:9.8(Critical)

All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, thi...

CWE-13922023

CVE-2023-3703

CRITICAL
CVSS:9.8(Critical)

Proscend Advice ICR Series routers FW version 1.76 - CWE-1392: Use of Default Credentials

CWE-13922023

CVE-2023-40704

MEDIUM
CVSS:9.8(Critical)

The product does not require unique and complex passwords to be created during installation. Using Philips's default password could jeopardize the PACS system if the password was hacked or leaked. An ...

CWE-13922023

CVE-2023-49621

CRITICAL
CVSS:9.8(Critical)

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application uses default credential with admin privileges. An...

CWE-13922023

CVE-2024-12286

CRITICAL
CVSS:9.8(Critical)

MOBATIME Network Master Clock - DTS 4801 allows attackers to use SSH to gain initial access using default credentials.

CWE-13922024