CVE-2024-5632

MEDIUM EPSS 15.5%

Published Jul 9, 20241y ago · Modified Jun 17, 20261w ago

5.3 CVSS 4.0

Medium

Published Jul 9, 2024 1y ago

Last Modified Jun 17, 2026 1w ago

Description

Longse NVR (Network Video Recorder) model NVR3608PGE2W, as well as products based on this device, create a WiFi network with a default password. A user is neither advised to change it during the installation process, nor such a need is described in the manual. As the cameras from the same kit connect automatically, it is very probable for the default password to be left unchanged.

CVSS Details

Base Score

5.3

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Adjacent

Attack Complexity Low

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

15.5% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-1392

References 3

cert.pl https://cert.pl/en/posts/2024/07/CVE-2024-5631/
cert.pl https://cert.pl/posts/2024/07/CVE-2024-5631/
zamel.com https://zamel.com/pl/gardi/zestaw-monitoringu-bezprzewodowego-wi-fi-typ-zmb-01

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.