Lucene search
K

19 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.6 views

AVTECH Room Alert Cleartext Storage of Sensitive Information (CVE-2024-33470)

When an administrator authenticates with the device and browses the settings pages, the SMTP password is loaded from the device and presented in the DOM in plaintext. When settings are saved, the SMTP credentials are sent back to the device in plain text. This allows an actor with administrative...

4.9CVSS5.8AI score0.0024EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.7 views

AVTECH Room Alert Cleartext Transmission of Sensitive Information (CVE-2024-33471)

An individual with administrative access can change the mail server host within the device. An attacker who has obtained administrative access can update the mail server to an attacker controller IP. When the device attempts to authenticate to the mail server, it will pass the previously configur...

7.2CVSS5.8AI score0.00288EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-4875

Malware in sbrugna...

9CVSS8.5AI score0.02995EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-31209

Malicious code in bioql PyPI...

7.2CVSS6.6AI score0.00288EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-31208

Malicious code in bioql PyPI...

4.9CVSS6.6AI score0.0024EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:6 a.m.7 views

CVE-2019-13379

On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device's web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults=RA reset and using the default credentials to get in...

9CVSS7.4AI score0.02995EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/14 3:51 a.m.10 views

CVE-2024-33470

An issue in the SMTP Email Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to credentials in plaintext via a passback attack. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

4.9CVSS7AI score0.0024EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/14 3:40 a.m.10 views

CVE-2024-33471

An issue in the Sensor Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to SMTP credentials in plaintext via a crafted AJAX request. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

7.2CVSS7AI score0.00288EPSS
Exploits0References1
NVD
NVD
added 2024/05/24 7:15 p.m.21 views

CVE-2024-33471

An issue in the Sensor Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to SMTP credentials in plaintext via a crafted AJAX request. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

7.2CVSS6.7AI score0.00288EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/24 6:12 p.m.28 views

CVE-2024-33471

An issue in the Sensor Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to SMTP credentials in plaintext via a crafted AJAX request. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.7AI score0.00288EPSS
Exploits0References1
CVE
CVE
added 2024/05/24 6:12 p.m.97 views

CVE-2024-33471

AVTECH Room Alert 4E v4.4.0 is affected by a Sensor Settings vulnerability that allows an attacker to access SMTP credentials in plaintext via a crafted AJAX request. This affects devices no longer supported by the maintainer. CVSSv3.1: 7.2 (HIGH) with Network attack vector, low complexity, requi...

7.2CVSS7.3AI score0.00288EPSS
Exploits0References1
NVD
NVD
added 2024/05/24 3:15 p.m.11 views

CVE-2024-33470

An issue in the SMTP Email Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to credentials in plaintext via a passback attack. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

4.9CVSS6.7AI score0.0024EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/24 3:3 p.m.19 views

CVE-2024-33470

An issue in the SMTP Email Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to credentials in plaintext via a passback attack. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.7AI score0.0024EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/24 3:3 p.m.9 views

CVE-2024-33470

An issue in the SMTP Email Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to credentials in plaintext via a passback attack. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

7AI score0.0024EPSS
Exploits0References1
CVE
CVE
added 2024/05/24 3:3 p.m.92 views

CVE-2024-33470

The CVE-2024-33470 entry affects AVTECH Room Alert 4E v4.4.0, with a root cause in the SMTP Email Settings that can expose credentials in plaintext via a passback attack. The issue is documented across multiple sources (including PT-2024-25275) and is tied to products that are no longer supported...

4.9CVSS7AI score0.0024EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/05/24 12:0 a.m.7 views

PT-2024-25276 · Avtech · Avtech Room Alert 4E

Name of the Vulnerable Software and Affected Versions: AVTECH Room Alert 4E version 4.4.0 Description: An issue in the Sensor Settings allows attackers to gain access to SMTP credentials in plaintext via a crafted AJAX request to an unspecified API endpoint. This issue only affects products that...

7.2CVSS7.2AI score0.00288EPSS
Exploits0References5
NVD
NVD
added 2019/07/07 4:15 p.m.21 views

CVE-2019-13379

On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device's web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults&src=RA reset and using the default credentials to get in...

9CVSS8.9AI score0.02995EPSS
Exploits1References3
Prion
Prion
added 2019/07/07 4:15 p.m.12 views

Default credentials

On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device's web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults&src=RA reset and using the default credentials to get in...

9CVSS8.8AI score0.02995EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 1976/01/01 12:0 a.m.10 views

CVE-2024-33471

An issue in the Sensor Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to SMTP credentials in plaintext via a crafted AJAX request. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

7AI score0.00288EPSS
Exploits0References1
Rows per page
Query Builder