Missing Authentication for Critical Function (CWE-306)
Advantech ADAM-5630 has built-in commands that can be executed without authenticating the user. These commands allow for restarting the operating system, rebooting the hardware, and stopping the execution. The commands can be sent in a simple HTTP request and are executed by the device automatically, regardless of the origin of the request or the privilege level of the user sending it.
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Feedly found the first article mentioning CVE-2024-39364.
CVE-2024-39364 is a vulnerability with a CVSS v4 base score of 8.3, indicating a significant level of criticality. The CVSS vector string suggests that it has a low attack complexity and requires user interaction for exploitation. The provided information does not specify whether the vulnerability is being exploited in the wild, nor does it mention any proof-of-concept exploits, mitigations, detections, patches, or downstream impacts on third-party vendors or technology.
Feedly estimated the CVSS score as HIGH
NVD published the first details for CVE-2024-39364
A CVSS base score of 6.3 has been assigned.
EPSS Score was set to: 0.04% (Percentile: 9.6%)