Cyber Posture

CVE-2024-54764

Medium

Published: 06 January 2025

Modified: 15 April 2026
KEV Added:
Patch:
CVSS Score: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
EPSS Score: 0.0599 (90.7th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)

Description

An access control issue in the component /login/hostinfo2.cgi of ipTIME A2004 v12.17.0 allows attackers to obtain sensitive information without authentication.

Security Summary

CVE-2024-54764 is an access control vulnerability affecting the /login/hostinfo2.cgi component in ipTIME A2004 firmware version v12.17.0. The flaw enables attackers to bypass authentication and access sensitive information hosted by the device.

The vulnerability has a CVSS v3.1 base score of 6.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N): it is exploitable over the network with low attack complexity, requires no privileges or user interaction, and leaves the scope unchanged. Unauthenticated remote attackers can leverage this issue to obtain sensitive information and potentially achieve limited integrity impacts, such as unauthorized modifications to low-impact data.

Advisories detailing the vulnerability are available in a GitHub repository at https://github.com/Shuanunio/CVE_Requests/blob/main/ipTIME/A2004/ipTIME_A2004_unauthorized_access_vulnerability_second.md.

Details

CWE(s): None listed