Vulnerability Description
MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management interface. Remote attackers who obtain this account can bypass IP access control restrictions and log in to the backend system without being recorded in the system logs.
CVSS Score
CRITICAL
Related Weaknesses (CWE)
References
- https://www.chtsecurity.com/news/2dde8d39-59fc-4c09-b4ad-0acf692321c5
- https://www.chtsecurity.com/news/6b2393f5-3041-4011-b2ea-528e312c6b3c
- https://www.twcert.org.tw/en/cp-139-7831-b9a46-2.html
- https://www.twcert.org.tw/tw/cp-132-7828-c08b8-1.html
- https://www.twcert.org.tw/tw/cp-132-7828-c08b8-1.html
FAQ
What is CVE-2024-5514?
CVE-2024-5514 is a vulnerability with a CVSS score of 9.8 (CRITICAL). MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management interface. Remote attackers who obtain th...
How severe is CVE-2024-5514?
CVE-2024-5514 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-5514?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.