How severe is CVE-2024-8005?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2024-8005?

This is classified as CWE-798, which is a common weakness in software security.

CVE-2024-8005 - MEDIUM Severity | CVSS 9.8

Vulnerability Description

A vulnerability was found in demozx gf_cms 1.0/1.0.1. It has been classified as critical. This affects the function init of the file internal/logic/auth/auth.go of the component JWT Authentication. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.2 is able to address this issue. The patch is named be702ada7cb6fdabc02689d90b38139c827458a5. It is recommended to upgrade the affected component.

Related Vulnerabilities

CVE-2005-0496

CRITICAL

CVSS:9.8(Critical)

Arkeia Network Backup Client 5.x contains hard-coded credentials that effectively serve as a back door, which allows remote attackers to access the file system and possibly execute arbitrary commands.

CWE-7982005

CVE-2008-0961

CRITICAL

CVSS:9.8(Critical)

EMV DiskXtender 6.20.060 has a hard-coded login and password, which allows remote attackers to bypass authentication via the RPC interface.

CWE-7982008

CVE-2008-1160

CRITICAL

CVSS:9.8(Critical)

ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which allows remote attackers to gain privileges.

CWE-7982008

CVE-2009-5154

CRITICAL

CVSS:9.8(Critical)

An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. There is a default password of meinsm for the admin account.

CWE-7982009

CVE-2010-1573

CRITICAL

CVSS:9.8(Critical)

Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username (Gemtek) and password (gemtekswd) for a debug interface for certain web pages, which allows remote attackers to execute arbitra...

CWE-7982010

CVE-2012-2166

CRITICAL

CVSS:9.8(Critical)

IBM XIV Storage System 2810-A14 and 2812-A14 devices before level 10.2.4.e-2 and 2810-114 and 2812-114 devices before level 11.1.1 have hardcoded passwords for unspecified accounts, which allows remot...

CWE-7982012