CVE-2024-39866

Name of the Vulnerable Software and Affected Versions: SINEMA Remote Connect Server versions prior to V3.2 SP1

Description: A vulnerability has been identified that allows an attacker to create a user with administrative privileges. This issue is related to insecure privilege management and the ability to upload encrypted backup files. If an attacker has access to the backup encryption key and the right to upload backup files, they can exploit this vulnerability. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations: For versions prior to V3.2 SP1, update to version V3.2 SP1 or later to resolve the issue. As a temporary workaround, consider restricting access to the backup file upload feature to minimize the risk of exploitation. Additionally, limit the use of administrative privileges to only necessary users.