Vinchin Backup And Recovery 7.2 Default Root Credentials Vulnerability

Published: 29 Jan 2024 | Reported by: Valentin Lobstein | Type: zdt | Source: 0day.today

Vulnerability in Vinchin Backup & Recovery v7.2 with Default Root Credential

CVE ID: CVE-2024-22902

Title: Default Root Credentials Vulnerability in Vinchin Backup & Recovery v7.2

Suggested Description:
Vinchin Backup & Recovery version 7.2 is configured with default root credentials, which is a significant security vulnerability.

Additional Information:
There is no documentation or guidance from Vinchin on changing the root password for this version. Password authentication as root is possible, which can lead to unauthorized access.

Vulnerability Type:
Incorrect Access Control

Vendor of Product:
Vinchin

Affected Product Code Base:
Vinchin - Version 7.2

Attack Type:
Remote

Impact - Escalation of Privileges:
True

Attack Vectors:
This security flaw can be exploited through both local and remote access using the default root credentials provided in the software.

Discoverer:
Valentin Lobstein

References:
- http://vinchin.com

Conclusion:
The existence of default root credentials in Vinchin Backup & Recovery v7.2 (CVE-2024-22902) is a serious security oversight. Users of this software version should be aware of the risks and stay alert for any updates or security patches from Vinchin. Immediate action should be taken to change these credentials to prevent unauthorized access.

Signed, Valentin Lobstein
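The advisory notes that password authentication as root is possible. As an added example (not part of the advisory and not Vinchin code), the check below reads an sshd_config and reports whether root can still log in with a password. It assumes the appliance exposes root over OpenSSH, which the advisory does not state; the function names and sample configurations are constructed for illustration.

```python
import re

# OpenSSH built-in values used when a keyword is absent (OpenSSH 7.0 or later).
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "usepam": "no",
}
# Deprecated spelling that sshd still accepts for the same option.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def global_settings(config_text):
    """Return effective global settings; sshd keeps the first value per keyword."""
    settings = dict.fromkeys(DEFAULTS)
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":
            break  # Match blocks are conditional and are not evaluated here
        value = parts[1].split() if len(parts) == 2 else []
        if key in settings and settings[key] is None and value:
            settings[key] = value[0].strip('"').lower()
    return {k: v if v is not None else DEFAULTS[k] for k, v in settings.items()}


def root_password_login_allowed(config_text):
    """True when root can authenticate with a password under the global settings."""
    s = global_settings(config_text)
    password_path = s["passwordauthentication"] == "yes" or (
        s["kbdinteractiveauthentication"] == "yes" and s["usepam"] == "yes"
    )
    return s["permitrootlogin"] == "yes" and password_path


# Constructed sample configurations, not taken from a Vinchin appliance.
EXPOSED = "PermitRootLogin yes\nPasswordAuthentication yes\nUsePAM yes\n"
HARDENED = "# keys only\nPermitRootLogin prohibit-password\nPasswordAuthentication no\nKbdInteractiveAuthentication no\n"

if __name__ == "__main__":
    for name, text in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, "root password login allowed:", root_password_login_allowed(text))
```

Match blocks and Include files are not evaluated by this parser; running `sshd -T` on the host prints the authoritative effective configuration.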
