PT-2024-5096 · Siemens · Sinema Remote Connect Server
Published: 2024-07-09 · Updated: 2024-09-09 · CVE-2024-39867
CVSS v2.0: 8.0 (High)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:C
Name of the Vulnerable Software and Affected Versions:
SINEMA Remote Connect Server versions prior to V3.2 SP1
Description:
A vulnerability has been identified in the SINEMA Remote Connect Server, where affected devices do not properly validate authentication when performing certain actions in the web interface. This allows an unauthenticated attacker to access and edit device configuration information of devices for which they have no privileges. The issue is related to errors in security mechanisms, which can be exploited by a remote attacker to view and edit protected configuration information without access rights.
Recommendations:
For versions prior to V3.2 SP1, update to version V3.2 SP1 or later to resolve the issue. As a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation. Avoid performing sensitive actions in the web interface until the issue is resolved.
Fix
Affected Products
Sinema Remote Connect Server