CVE-2024-39290 | AIPHONE IX-MV Address Book insufficiently protected credentials

A vulnerability was found in AIPHONE IX-MV, IX-MV7-HB, IX-MV7-HBT, IX-MV7-HW, IX-MV7-HWT, IX-MV7-HW-JP, IX-MV7-B, IX-MV7-BT, IX-MV7-W, IX-MV7-WT, IX-DA, IX-DAU, IX-DB, IX-DBT, IX-EA, IX-EAT, IX-EAU, IX-DV, IX-DVT, IX-DVF, IX-DVF-P, IX-DVF-L, IX-DVM, IX-DU, IX-DVF-RA, IX-DVF-2RA, IX-BA, IX-BAU, IX-BB, IX-BBT, IX-FA, IX-SSA, IX-SS-2G, IX-SS-2GT, IX-SS-2G-N, IX-BU, IX-SSA-RA, IX-SSA-2RA, IX-RS-B, IX-RS-BT, IX-RS-W, IX-RS-WT, IXW-MA, IX-SPMIC, IXG-2C7, IXG-2C7-L, IXG-DM7, IXG-DM7-HID, IXG-DM7-HIDA, IXG-DM7-10K, IXG-MK, IXGW-GW, IXGW-TGW and IXGW-LC. It has been classified as problematic. This affects an unknown part of the component Address Book Handler. The manipulation leads to insufficiently protected credentials.

This vulnerability is uniquely identified as CVE-2024-39290. The attack needs to be approached within the local network. There is no exploit available.

CVE-2024-39290 | AIPHONE IX-MV Address Book insufficiently protected credentials

Related Posts

CVE-2024-31263 | aerin Loan Repayment Calculator and Application Form Plugin cross-site request forgery

CVE-2024-7106 | Spina CMS 2.18.0 /admin/media_folders cross-site request forgery

CVE-2024-33540 | ThemeGrill ColorNews Plugin up to 1.2.6 on WordPress cross site scripting

CVE-2024-47772 | Discourse up to 3.3.1/3.4.0.beta1 Chat Message cross site scripting (GHSA-67mh-xhmf-c56h)