Hard-coded credentials pose security risk in new firmware update
CVE-2024-28146

Currently unrated

Key Information:

Vendor: Image Access Gmbh
Status: Scan2net
Vendor: CVE Published:; 12 December 2024

🔔 Create Image Access Gmbh Vulnerability Alert

What is CVE-2024-28146?

The application uses several hard-coded credentials to encrypt config files during backup, to decrypt the new firmware during an update and some passwords allow a direct connection to the database server of the affected device.

Affected Version(s)

Scan2Net 0

References

https://r.sec-consult.com/imageaccess

third-party-advisory

https://www.imageaccess.de/?page=SupportPortal&lang=en

patch

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 12, 2024
Vulnerability Reserved
Mar 5, 2024

Credit

Daniel Hirschberger (SEC Consult Vulnerability Lab)

Tobias Niemann (SEC Consult Vulnerability Lab)