CVE Catalog

CVE-2024-48538

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.48%

38th percentile - higher than 38% of all known CVEs

Summary

Incorrect access control in the firmware update and download processes of Neye3C v4.5.2.0 allows attackers to access sensitive information by analyzing the code and data within the APK file.

Risk Assessment

The organization is at risk of sensitive data leakage, such as API keys or passwords, which could lead to unauthorized system access and security breaches.

Recommendation

Immediately update the Neye3C firmware to the latest version and conduct a security audit of APK files to remove sensitive data from the source code.

Original NVD description (English source)

Incorrect access control in the firmware update and download processes of Neye3C v4.5.2.0 allows attackers to access sensitive information by analyzing the code and data within the APK file.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS