CVE-2024-0305
Guangzhou Yingke Electronic Technology Ncast Guest Login IPSetup.php information disclosure
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- January 07, 2024
- Published Date
- January 08, 2024
- Last Updated
- September 04, 2024
- Vendor
- Guangzhou Yingke Electronic Technology
- Product
- Ncast
- Description
- A vulnerability was found in Guangzhou Yingke Electronic Technology Ncast up to 2017 and classified as problematic. Affected by this issue is some unknown functionality of the file /manage/IPSetup.php of the component Guest Login. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249872. Eine Schwachstelle wurde in Guangzhou Yingke Electronic Technology Ncast bis 2017 gefunden. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Datei /manage/IPSetup.php der Komponente Guest Login. Durch das Manipulieren mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.
CVSS Scores
CVSS v3.1
5.3 - MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS v3.0
5.3 - MEDIUM
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS v2.0
5.0 -
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS Score
- Score
- 93.89% (Percentile: 99.86%) as of 2025-04-29
SSVC Information
- Exploitation
- poc
- Automatable
- Yes
- Technical Impact
- partial
Exploit Status
- Exploited in the Wild
- Yes (added 2025-04-23 00:00:00 UTC) Source
References
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| The Shadowserver (via CIRCL) | 2025-04-24 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-0305.yaml | 2025-04-26 00:00:00 UTC |