CVE-2024-41796

Name of the Vulnerable Software and Affected Versions: SENRON 7KT PAC1260 Data Manager (all versions)

Description: A security issue has been identified where the web interface of affected devices allows changing the login password without knowing the current password. In combination with a prepared CSRF attack, an unauthenticated attacker could set the password to an attacker-controlled value, potentially allowing unauthorized access.

Recommendations: For all versions, as a temporary workaround, consider restricting access to the web interface until a patch is available. Additionally, implement measures to prevent CSRF attacks, such as validating request origins and using anti-CSRF tokens. At the moment, there is no information about a newer version that contains a fix for this vulnerability.