PT-2024-31769 · Reedos · Reedos Aim-Star

Mohit Gadiya · Published 2024-09-11 · Updated 2024-09-18 · CVE-2024-45789

CVSS v4.0: 6.9 (Medium)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Reedos aiM-Star version 2.0.1
Description: This issue exists due to improper validation of the mode parameter in the API endpoint used during the registration process. An authenticated remote attacker could exploit this by manipulating the parameter in the API request body, potentially bypassing certain constraints in the registration process and allowing the creation of multiple accounts.
Recommendations: For Reedos aiM-Star version 2.0.1, consider restricting access to the API endpoint used in the registration process until a patch is available, and avoid manipulating the mode parameter in the API request body to minimize the risk of exploitation.


Related Identifiers

CVE-2024-45789

Affected Products

Reedos Aim-Star