Vulnerability in Heimavista Epage
CVE-2024-2412
The disabling function of the user registration page for Heimavista Rpage and Epage is not properly implemented, allowing remote attackers to complete user registration on sites where user registration is supposed to be disabled.
EPSS: 0.004 (34.7th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.
Affected products
- Heimavista Epage — versions earlier version
- Heimavista Rpage — versions earlier version
Weakness classification (CWE)
Public proof-of-concept exploits
References
- twcert@cert.org.tw (third-party-advisory)
Frequently asked questions
- What is CVE-2024-2412?
- CVE-2024-2412 is a medium-severity vulnerability in Heimavista Epage, classified under CWE-1220. CVSS score: 5.3/10. Published 2024-03-13.
- How severe is CVE-2024-2412?
- Medium severity. CVSS v3 base score is 5.3 out of 10.
- Is CVE-2024-2412 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.