CVE-2024-4425

Description

The access control in CemiPark software stores integration (e.g. FTP or SIP) credentials in plain-text. An attacker who gained unauthorized access to the device can retrieve clear text passwords used by the system.This issue affects CemiPark software: 4.5, 4.7, 5.03 and potentially others. The vendor refused to provide the specific range of affected products.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Affected products

CEMI Tomasz Pawełek / CemiPark4.5 – 4.5
CEMI Tomasz Pawełek / CemiPark4.7 – 4.7
CEMI Tomasz Pawełek / CemiPark5.03 – 5.03

References

MISChttps://cert.pl/en/posts/2024/05/CVE-2024-4423/
MISChttps://cert.pl/posts/2024/05/CVE-2024-4423/
MISChttp://cemi.pl/