Scan2Net Scanner Device Vulnerable to Root Access
CVE-2024-28140

Currently unrated

Key Information:

Vendor: Image Access Gmbh
Status: Scan2net
Vendor: CVE Published:; 11 December 2024

🔔 Create Image Access Gmbh Vulnerability Alert

What is CVE-2024-28140?

The scanner device boots into a kiosk mode by default and opens the Scan2Net interface in a browser window. This browser is run with the permissions of the root user. There are also several other applications running as root user. This can be confirmed by running "ps aux" as the root user and observing the output.

Affected Version(s)

Scan2Net 0

References

https://r.sec-consult.com/imageaccess

third-party-advisory

https://www.imageaccess.de/?page=SupportPortal&lang=en

patch

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 11, 2024
Vulnerability Reserved
Mar 5, 2024

Credit

Daniel Hirschberger (SEC Consult Vulnerability Lab)

Tobias Niemann (SEC Consult Vulnerability Lab)