CVE-2024-5743
Published: 13 January 2025
Description
An attacker could exploit the 'Use of Password Hash With Insufficient Computational Effort' vulnerability in EveHome Eve Play to execute arbitrary code. This issue affects Eve Play: through 1.1.42.
Security Summary
CVE-2024-5743 is a critical vulnerability (CVSS 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) classified under CWE-916, "Use of Password Hash With Insufficient Computational Effort," affecting the EveHome Eve Play device. The flaw allows an attacker to execute arbitrary code and affects Eve Play versions through 1.1.42.
A remote attacker can exploit this vulnerability over the network with low attack complexity, requiring no privileges, authentication, or user interaction. Successful exploitation enables arbitrary code execution, resulting in high impacts to confidentiality, integrity, and availability on the affected Eve Play device.
The vendor provides details on mitigation in their security advisory at https://www.evehome.com/en-us/security-content.
Details
- CWE(s)