CVE-2024-36523

Published: Jun 12, 2024Modified: Jun 13, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An access control issue in Wvp GB28181 Pro 2.0 allows users to continue to access information in the application after deleting their own or administrator accounts. This is provided that the users do not log out of their deleted accounts.

Affected (1)

Products: Wvp Pro: Gb28181

Wvp Pro

1 product

Gb28181

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Wvp Pro Gb28181	Version 2.0

Related CWEs

CWE-613

Insufficient Session Expiration

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

References (2)

https://github.com/648540858/wvp-GB28181-pro/issues/1456

Source: cve@mitre.org

ExploitIssue Tracking

https://github.com/648540858/wvp-GB28181-pro/issues/1456

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue Tracking

Timeline

No history available yet.