CVE-2024-41793

Name of the Vulnerable Software and Affected Versions: SENRON 7KT PAC1260 Data Manager (All versions)

Description: A vulnerability has been identified that allows an unauthenticated remote attacker to enable remote access to the device via ssh. The web interface of affected devices provides an endpoint that allows the ssh service to be enabled without authentication.

Recommendations: For all versions, consider disabling the ssh service until a patch is available to prevent unauthorized access. As a temporary workaround, restrict access to the web interface to minimize the risk of exploitation. Avoid using the endpoint that enables the ssh service without proper authentication mechanisms in place. At the moment, there is no information about a newer version that contains a fix for this vulnerability.