CVE Catalog

CVE-2024-48539

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.30%

21th percentile - higher than 21% of all known CVEs

Summary

Neye3C v4.5.2.0 was discovered to contain a hardcoded encryption key in the firmware update mechanism. This allows an attacker to read the key and tamper with updates.

Risk Assessment

The risk involves potential injection of malicious firmware by an unauthorized actor, leading to device takeover and network compromise.

Recommendation

Immediately update Neye3C to the latest version that fixes this vulnerability and change default encryption keys.

Original NVD description (English source)

Neye3C v4.5.2.0 was discovered to contain a hardcoded encryption key in the firmware update mechanism.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS