← Back

CVE-2024-2413

nvd nist
Published: Mar 13, 2024Modified: Mar 17, 2026

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: twcert@cert.org.tw (Secondary)

Description

Intumit SmartRobot uses a fixed encryption key for authentication. Remote attackers can use this key to encrypt a string composed of the user's name and timestamp to generate an authentication code. With this authentication code, they can obtain administrator privileges and subsequently execute arbitrary code on the remote server using built-in system functionality.

Affected (1)

Products: Intumit: Smartrobot
Intumit
1 product
Smartrobot
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Smartrobot
Before 6.2.0-202303TW

Related CWEs

CWE-321
Use of Hard-coded Cryptographic Key
The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

References (2)

Source: twcert@cert.org.tw
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.