Vulnerability in Wvp-pro Gb28181
CVE-2024-36523
An access control issue in Wvp GB28181 Pro 2.0 allows users to continue to access information in the application after deleting their own or administrator accounts. This is provided that the users do not log out of their deleted accounts.
EPSS: 0.003 (25.6th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.
Affected products
- Wvp-pro Gb28181 — versions 2.0
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (Exploit, Issue Tracking)
Frequently asked questions
- What is CVE-2024-36523?
- CVE-2024-36523 is a medium-severity vulnerability in Wvp-pro Gb28181, classified under Insufficient Session Expiration. CVSS score: 6.5/10. Published 2024-06-12.
- How severe is CVE-2024-36523?
- Medium severity. CVSS v3 base score is 6.5 out of 10.