Home > Vulnerability Database > CVE-2024-27488

Mend.io Vulnerability Database

CVE-2024-27488

Good to know:

Date: April 7, 2024

Incorrect Access Control vulnerability in ZLMediaKit versions 1.0 through 8.0, allows remote attackers to escalate privileges and obtain sensitive information. The application system enables the http API interface by default and uses the secret parameter method to authenticate the http restful api interface, but the secret is hardcoded by default.

Language: C++

Severity Score

9.8

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-27488

Url: https://gist.github.com/tr4pmaker/44442d6f068458175213f4ba71da1312

Url: https://www.mend.io/vulnerability-database/CVE-2024-27488

Severity Score

9.8

Weakness Type (CWE)

Use of Hard-coded Password

CWE-259

Top Fix

Upgrade Version

Upgrade to version ecc05dae282d4b5b1d72e8b1cac8caffa70efa7e

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-27488

Good to know:

Date: April 7, 2024

Language: C++

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?