CVE-2024-28143

Name of the Vulnerable Software and Affected Versions No specific software name or versions are mentioned in the provided descriptions.

Description The password change function at "/cgi/admin.cgi" does not require the current or old password, making the application vulnerable to account takeover. An attacker can use this to forcefully set a new password within the -rsetpass+-aaction+- parameter for a user without knowing the old password, for example, by exploiting a CSRF issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.