Plaintext SMTP Credentials Exposure in AVTECH Room Alert 4E v4.4.0
CVE-2024-33471

7.2HIGH

Key Information:

Vendor: AVTECH
Vendor: CVE Published:; 24 May 2024

What is CVE-2024-33471?

A vulnerability in the Sensor Settings of AVTECH's Room Alert 4E version 4.4.0 enables unauthorized access to sensitive SMTP credentials in plaintext format. This issue arises when attackers send specially crafted AJAX requests to the affected product. It is noteworthy that this vulnerability applies only to instances that are no longer supported by AVTECH, thus increasing the risk for users still operating these outdated versions.

References

https://avtech.com/articles/27472/security-advisory-smtp-...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 24, 2024