3 matches found
CVE-2024-36439
Swissphone DiCal-RED 4009 devices allow a remote attacker to gain access to the administrative web interface via the device password's hash value, without knowing the actual device password...
DiCal-RED 4009 Cryptography Failure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2024-038 Product: DiCal-RED Manufacturer: Swissphone Wireless AG Affected Versions: Unknown Tested Versions: 4009 Vulnerability Type: Use of Password Hash Instead of Password for Authentication CWE-836 Risk Level: Medium Solution...
CVE-2024-36439
Swissphone DiCal-RED 4009 devices are affected by CVE-2024-36439, where a remote attacker can access the administrative web interface using the device password’s hash value without knowing the actual password. The vulnerability arises in the authentication flow and, per the gathered sources, ther...