
Vinchin Backup And Recovery 7.2 Default Root Credentials

🗓️ 26 Jan 2024 00:00:00 | Reported by Valentin Lobstein | Type: packetstorm | 🔗 packetstormsecurity.com | 👁 361 Views

Vinchin Backup & Recovery v7.2 Default Root Credentials Vulnerability

Related

| Reporter | Title | Published | Family |
| --- | --- | --- | --- |
| 0day.today | Vinchin Backup And Recovery 7.2 Default Root Credentials Vulnerability | 29 Jan 2024 00:00 | zdt |
| Circl | CVE-2024-22902 | 2 Feb 2024 03:22 | circl |
| CNNVD | Vinchin Backup and Recovery Security Vulnerabilities | 2 Feb 2024 00:00 | cnnvd |
| CVE | CVE-2024-22902 | 2 Feb 2024 00:00 | cve |
| Cvelist | CVE-2024-22902 | 2 Feb 2024 00:00 | cvelist |
| GithubExploit | Exploit for Code Injection in Vinchin Vinchin_Backup_And_Recovery | 6 Nov 2023 09:24 | githubexploit |
| NVD | CVE-2024-22902 | 2 Feb 2024 02:15 | nvd |
| OpenVAS | SSH Brute Force Logins With Default Credentials Reporting | 2 Nov 2016 00:00 | openvas |
| Prion | Default credentials | 2 Feb 2024 02:15 | prion |
| Positive Technologies | PT-2024-1516 · Vinchin · Vinchin Backup & Recovery | 1 Feb 2024 00:00 | ptsecurity |
`CVE ID: CVE-2024-22902  
  
Title: Default Root Credentials Vulnerability in Vinchin Backup & Recovery v7.2  
  
Suggested Description:  
Vinchin Backup & Recovery version 7.2 has been identified as being configured with default root credentials, posing a significant security vulnerability.  
  
Additional Information:  
There is no documentation or guidance from Vinchin on changing the root password for this version. The use of password authentication as root is possible, leading to potential unauthorized access.  
  
Vulnerability Type:  
Incorrect Access Control  
  
Vendor of Product:  
Vinchin  
  
Affected Product Code Base:  
Vinchin - Version 7.2  
  
Attack Type:  
Remote  
  
Impact - Escalation of Privileges:  
True  
  
Attack Vectors:  
This security flaw can be exploited through both local and remote access using the default root credentials provided in the software.  
  
Discoverer:  
Valentin Lobstein  
  
References:  
- http://vinchin.com  
  
Conclusion:  
The existence of default root credentials in Vinchin Backup & Recovery v7.2 (CVE-2024-22902) is a serious security oversight. Users of this software version should be aware of the risks and stay alert for any updates or security patches from Vinchin. Immediate action should be taken to change these credentials to prevent unauthorized access.  
  
Signed, Valentin Lobstein  
  
`
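The advisory notes that password authentication as root is possible. The following check is an added example, not part of the advisory or of any Vinchin tooling: it reads `sshd -T` output or an `sshd_config` body and reports the settings that let root log in with a password. It assumes the remote root access is served by OpenSSH, which the page does not state; the function names and sample configurations are constructed for illustration.

```python
# Added example: audit sshd settings for root password logins.
# Assumption: remote root access is served by OpenSSH (the page does not say so).
# Feed it `sshd -T` output where possible: that is the effective configuration.

# Upstream OpenSSH defaults, used only when a keyword is absent from the input.
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
}
# Deprecated keyword that sshd treats as KbdInteractiveAuthentication.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

# Constructed samples (not taken from a Vinchin system).
WEAK = "PermitRootLogin yes\nPasswordAuthentication yes\nKbdInteractiveAuthentication no\n"
HARDENED = "PermitRootLogin prohibit-password\nPasswordAuthentication no\n"


def effective_settings(config_text):
    """Return global settings; sshd keeps the first value seen for a keyword."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().strip('"').lower()
        if key == "match":
            break  # Match blocks are conditional and not evaluated by this check
        seen.setdefault(ALIASES.get(key, key), value)
    return {**DEFAULTS, **seen}


def root_password_login_findings(config_text):
    """List the setting pairs that let root authenticate with a password."""
    cfg = effective_settings(config_text)
    if cfg["permitrootlogin"] != "yes":
        return []  # no, prohibit-password and forced-commands-only refuse passwords
    return [
        f"permitrootlogin yes + {key} yes"
        for key in ("passwordauthentication", "kbdinteractiveauthentication")
        if cfg[key] == "yes"
    ]


if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, root_password_login_findings(text) or "no root password login")
```

An empty result only covers the global section; settings inside `Match` blocks need a separate `sshd -T -C ...` evaluation.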

26 Jan 2024 00:00 (Current)
Vulners AI Score: 7.4 (High risk)
EPSS: 0.00156
361 Views