1. Home
  2. CVE Database
  3. CVE-2024-28140
MEDIUM · 6.1

CVE-2024-28140

The scanner device boots into a kiosk mode by default and opens the Scan2Net interface in a browser window. This browser is run with the permissions of the root user. There are also several other appl...

Vulnerability Description

The scanner device boots into a kiosk mode by default and opens the Scan2Net interface in a browser window. This browser is run with the permissions of the root user. There are also several other applications running as root user. This can be confirmed by running "ps aux" as the root user and observing the output.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
NONE

Related Weaknesses (CWE)

CWE-250

References

FAQ

What is CVE-2024-28140?

CVE-2024-28140 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The scanner device boots into a kiosk mode by default and opens the Scan2Net interface in a browser window. This browser is run with the permissions of the root user. There are also several other appl...

How severe is CVE-2024-28140?

CVE-2024-28140 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-28140?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.