CVE-2024-0556 — HIGH (7.1) — White Hats Nepal

Vulnerability Description

A Weak Cryptography for Passwords vulnerability has been detected on WIC200 affecting version 1.1. This vulnerability allows a remote user to intercept the traffic and retrieve the credentials from another user and decode it in base64 allowing the attacker to see the credentials in plain text.

CVSS Score

7.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Xantech	Wic1200 Firmware	1.1
Xantech	Wic1200	-

Related Weaknesses (CWE)

CWE-261

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fullThird Party Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fullThird Party Advisory

FAQ

What is CVE-2024-0556?

CVE-2024-0556 is a vulnerability with a CVSS score of 7.1 (HIGH). A Weak Cryptography for Passwords vulnerability has been detected on WIC200 affecting version 1.1. This vulnerability allows a remote user to intercept the traffic and retrieve the credentials from an...

How severe is CVE-2024-0556?

CVE-2024-0556 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-0556?

Check the references section above for vendor advisories and patch information. Affected products include: Xantech Wic1200 Firmware, Xantech Wic1200.