Cyber Posture

CVE-2024-48126

Critical

Published: 15 January 2025

Modified: 15 April 2026
KEV Added:
Patch:
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0025 (47.8th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Description

HI-SCAN 6040i Hitrax HX-03-19-I was discovered to contain hardcoded credentials for vendor support and service access.

Security Summary

CVE-2024-48126 is a critical vulnerability in the HI-SCAN 6040i Hitrax HX-03-19-I, where hardcoded credentials enable unauthorized access to vendor support and service functions. Classified under CWE-798 (Use of Hard-coded Credentials), it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting its high severity due to network accessibility and potential for significant impact.

A remote attacker needs no privileges, authentication, or user interaction to exploit this issue over the network, and attack complexity is low. Using the hardcoded credentials has high confidentiality, integrity, and availability impact, such as gaining control over support and service access on affected devices.

Mitigation guidance is available in the referenced advisory at https://kth.diva-portal.org/smash/get/diva2:1876534/FULLTEXT01.pdf, published on 2025-01-15.

Details

CWE(s)
CWE-798

References