Critical Vulnerability in TDuckPro Affects Password Recovery

CVE-2024-8692

9.8CRITICAL

Key Information

Vendor
Tduckcloud
Status
Tduckpro
Vendor
CVE Published:
11 September 2024

Summary

A vulnerability classified as critical was found in TDuckCloud TDuckPro up to 6.3. Affected by this vulnerability is an unknown functionality. The manipulation leads to weak password recovery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Version(s)

TDuckPro = 6.0

TDuckPro = 6.1

TDuckPro = 6.2

Refferences

https://vuldb.com/?id.277165
vdb-entry
https://vuldb.com/?ctiid.277165
signaturepermissions-required
https://vuldb.com/?submit.401715
third-party-advisory
https://www.shawroot.cc/2794.html
exploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability Reserved.

  • Vulnerability published.

Collectors

NVD DatabaseMitre Database

Credit

ShawRoot (VulDB User)
.