Cyber Posture

CVE-2024-9334

High

Published: 27 February 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 8.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)
EPSS Score: 0.0005 (15.2th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Description

Use of Hard-coded Credentials, Storage of Sensitive Data in a Mechanism without Access Control vulnerability in E-Kent Pallium Vehicle Tracking allows Authentication Bypass. This issue affects Pallium Vehicle Tracking: before 17.10.2024.

Security Summary

CVE-2024-9334 is a high-severity vulnerability involving the use of hard-coded credentials (CWE-798) and storage of sensitive data in a mechanism without access control (CWE-921) in E-Kent Pallium Vehicle Tracking software. This flaw enables authentication bypass and affects all versions prior to 17.10.2024. Its CVSS v3.1 base score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N) reflects network-accessible exploitation with high confidentiality impact and low integrity impact.

A remote, unauthenticated attacker can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation allows bypassing authentication controls, potentially granting access to sensitive data stored without proper access restrictions and enabling limited integrity modifications.

The primary advisory is available from the Turkish National Cyber Incident Response Center (USOM) at https://www.usom.gov.tr/bildirim/tr-25-0044, published on 2025-02-27. Mitigation involves updating to Pallium Vehicle Tracking version 17.10.2024 or later, as the issue is resolved in that release.

Details

CWE(s)
CWE-798, CWE-921

References