PT-2024-22290 · Unknown · Scanner Device

Daniel Hirschberger

Published

2024-12-11

Updated

2024-12-15

CVE-2024-28140

CVSS v3.1

6.1

Medium

Vector

AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Scanner device (affected versions not specified)

Description The scanner device boots into a kiosk mode by default and opens the Scan2Net interface in a browser window. This browser is run with the permissions of the root user. There are also several other applications running as the root user. This can be confirmed by running "ps aux" as the root user and observing the output.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-250

Related Identifiers

CVE-2024-28140

Affected Products

Scanner Device

PT-2024-22290 · Unknown · Scanner Device

CVE-2024-28140

Weakness Enumeration

Related Identifiers

Affected Products

References · 6