CVE-2024-48442

Missing Authentication for Critical Function (CWE-306)

Published: Oct 24, 2024 / Updated: 26d ago

010
CVSS 6.5EPSS 0.04%Medium
CVE info copied to clipboard

Incorrect access control in Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18 allows attackers to access the SSH protocol without authentication.

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Timeline

CVE Assignment

NVD published the first details for CVE-2024-48442

Oct 24, 2024 at 6:15 PM
First Article

Feedly found the first article mentioning CVE-2024-48442. See article

Oct 24, 2024 at 6:22 PM / Vulners.com RSS Feed
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 24, 2024 at 6:22 PM
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.8%)

Oct 25, 2024 at 10:07 AM
CVSS

A CVSS base score of 6.5 has been assigned.

Oct 25, 2024 at 8:40 PM / nvd
Static CVE Timeline Graph

Attack Patterns

CAPEC-12: Choosing Message Identifier
+null more

News

CVE-2024-48442
Medium Severity Description Incorrect access control in Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18 allows attackers to access the SSH protocol without authentication. Read more at https://www.tenable.com/cve/CVE-2024-48442
NA - CVE-2024-48442 - Incorrect access control in Shenzhen Tuoshi...
Incorrect access control in Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18 allows attackers to access the SSH protocol without authentication.
CVE-2024-48442 | Shenzhen Tuoshi Network Communications 5G CPE Router NR500-EA 3.2.2543.12.18 SSH Protocol access control
A vulnerability has been found in Shenzhen Tuoshi Network Communications 5G CPE Router NR500-EA 3.2.2543.12.18 and classified as critical . This vulnerability affects unknown code of the component SSH Protocol . The manipulation leads to improper access controls. This vulnerability was named CVE-2024-48442 . The attack needs to be initiated within the local network. There is no exploit available.
CVE-2024-48442
Incorrect access control in Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18 allows attackers to access the SSH protocol without...
CVE-2024-48442 - Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router SSH Authentication Bypass
CVE ID : CVE-2024-48442 Published : Oct. 24, 2024, 6:15 p.m. 19 minutes ago Description : Incorrect access control in Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18 allows attackers to access the SSH protocol without authentication. Severity: 0.0 NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...
See 3 more articles and social media posts

CVSS V3.1

Attack Vector:Adjacent_network
Attack Complexity:Low
Privileges Required:None
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:None
Availability Impact:None

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI