PT-2024-1634 · Vinchin · Vinchin Backup & Recovery
Valentin Lobstein · Published 2024-01-25 · Updated 2025-05-15 · CVE-2024-22901
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Vinchin Backup & Recovery version 7.2
Description
The issue is related to the use of default credentials in Vinchin Backup & Recovery. This could allow a remote attacker to elevate their privileges.
Recommendations
For Vinchin Backup & Recovery version 7.2, change the default MySQL credentials to custom, secure credentials as soon as possible to prevent exploitation. Consider restricting access to the MySQL database until the credentials are changed.
Affected Products
Vinchin Backup & Recovery