CVE-2024-33471

2024-05-2419:15:09

[email protected]

web.nvd.nist.gov

cve-2024-33471

avtech room alert

sensor settings

smtp credentials

plaintext access

crafted ajax request

no longer supported

7.3 High

AI Score

Confidence

Low

0 Low

EPSS

Percentile

0.0%

JSON

An issue in the Sensor Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to SMTP credentials in plaintext via a crafted AJAX request. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

References

avtech.com/articles/27472/security-advisory-smtp-credentials-pass-back/