QwikSec

Security Database

CVE

CWE

Training

CVE-2024-28140

Published: Dec 11, 2024

Modified: Nov 3, 2025

PUBLISHED

Description

The scanner device boots into a kiosk mode by default and opens the Scan2Net interface in a browser window. This browser is run with the permissions of the root user. There are also several other applications running as root user. This can be confirmed by running "ps aux" as the root user and observing the output.

Vendor	Product	Versions
Image Access GmbH	Scan2Net	affected `0 - < 7.42`

Weaknesses (CWE)

References

https://r.sec-consult.com/imageaccess

third-party-advisory

https://www.imageaccess.de/?page=SupportPortal&lang=en

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.