Cyber Posture

CVE-2024-57778

High

Published: 14 February 2025

Modified
15 April 2026
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.1138 93.6th percentile
Risk Priority 24 60% EPSS · 20% KEV · 20% CVSS

Description

An issue in Orbe ONetView Roeador Onet-1200 Orbe 1680210096 allows a remote attacker to escalate privileges via the server's response from status code 500 to status code 200.

Security Summary

CVE-2024-57778 is a privilege escalation vulnerability in Orbe ONetView Roeador Onet-1200 Orbe 1680210096. The issue allows a remote attacker to escalate privileges by leveraging the server's response transition from HTTP status code 500 to status code 200. It carries a CVSS v3.1 base score of 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is linked to CWE-269 (Improper Privilege Management). The vulnerability was published on 2025-02-14.

A remote attacker on an adjacent network can exploit this vulnerability with low complexity and no required privileges or user interaction. Successful exploitation enables high-impact confidentiality, integrity, and availability compromises in an unchanged security scope, effectively allowing privilege escalation on the affected system.

Mitigation details and additional information are available in the referenced advisory at https://github.com/KUK3N4N/CVE-2024-57778.

Details

CWE(s)
CWE-269

References