CVE-2024-50634

Published: Nov 8, 2024Modified: Nov 14, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A vulnerability in a weak JWT token in Watcharr v1.43.0 and below allows attackers to perform privilege escalation using a crafted JWT token. This vulnerability is not limited to privilege escalation but also affects all functions that require authentication.

Affected (1)

Products: Sbond: Watcharr

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sbond Watcharr	Up to 1.43.0

Related CWEs

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (2)

https://github.com/yamerooo123/CVE/tree/main/CVE-2024-50634

Source: cve@mitre.org

Exploit

https://youtu.be/wnULru0WdtA

Source: cve@mitre.org

Exploit

Timeline

No history available yet.