CVE-2024-37135
LOWDescription
DM5500 5.16.0.0, contains an information disclosure vulnerability. A local attacker with high privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| dell | dm5500_firmware |
| dell | dm5500 |
References
Frequently Asked Questions
What is CVE-2024-37135? +
How severe is CVE-2024-37135? +
What products are affected by CVE-2024-37135? +
How do I check if I'm vulnerable to CVE-2024-37135? +
Related Vulnerabilities
LITEON IC48A firmware versions prior to 01.00.19r and LITEON IC80A firmware versions prior to 01.01.12e store FTP-server-access-credentials in cleartext in …
In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) admin password is stored in configuration file as plaintext …
An authenticated user can disclose the cleartext password of a configured SMTP server via an HTTP GET request to the …
WF2220 exposes endpoint /cgi-bin-igd/netcore_get.cgi that returns configuration of the device to unauthorized users. Returned configuration includes cleartext password. The vendor …
Minecraft RCON Terminal is a VS Code extension that streamlines Minecraft server management. Versions 0.1.0 through 2.0.6 stores passwords using …
Credentials of built-in users are insecurely stored in the User directory of PcVue projects, all versions prior to 17.0.0. A …