CVE Catalog
CVE-2024-48539
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk0.30%
21th percentile - higher than 21% of all known CVEs
Summary
Neye3C v4.5.2.0 was discovered to contain a hardcoded encryption key in the firmware update mechanism. This allows an attacker to read the key and tamper with updates.
Risk Assessment
The risk involves potential injection of malicious firmware by an unauthorized actor, leading to device takeover and network compromise.
Recommendation
Immediately update Neye3C to the latest version that fixes this vulnerability and change default encryption keys.
Original NVD description (English source)
Neye3C v4.5.2.0 was discovered to contain a hardcoded encryption key in the firmware update mechanism.

