CVE-2024-33471

Name of the Vulnerable Software and Affected Versions AVTECH Room Alert 4E version 4.4.0

Description An issue in the Sensor Settings allows attackers to gain access to SMTP credentials in plaintext via a crafted AJAX request to an unspecified API endpoint. This issue only affects products that are no longer supported by the maintainer.

Recommendations For AVTECH Room Alert 4E version 4.4.0, as a temporary workaround, consider restricting access to the Sensor Settings until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.