CVE-2024-5684

Name of the Vulnerable Software and Affected Versions: No specific software name or affected versions are mentioned in the provided descriptions.

Description: The issue is related to a faulty implementation of the JWT-library, which can be exploited by an attacker with access to the private network or local access to the Ethernet-Interface to bypass password authentication to the web configuration interface. This allows the attacker to have full access as a user would have, although without developer or admin rights. If the JWT-library implementation is wrongly configured to accept "none"-algorithms, the server will pass insecure JWT, enabling a local, unauthenticated attacker to bypass the authentication mechanism.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.