CVE-2024-40117

Published: Jul 26, 2024

Modified: Nov 11, 2024

PUBLISHED

Description

Incorrect access control in Solar-Log 1000 before v2.8.2 and build 52- 23.04.2013 allows attackers to obtain Administrative privileges via connecting to the web administration server. Not existing for SL 200, 500, 1000 / fixed in 4.2.8 for SL 250, 300, 1200, 2000, SL 50 Gateway / fixed in 5.1.2 / 6.0.0 for SL Base.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.solar-log.com/en/support/firmware-database-1

https://github.com/nepenthe0320/cve_poc/blob/master/Solar-Log%201000%20-%20Incorrect%20Access%20Control

https://github.com/nepenthe0320/cve_poc/blob/master/CVE-2024-40117

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-40117

Description

Affected Products

References