{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T04:57:17.931","vulnerabilities":[{"cve":{"id":"CVE-2024-10381","sourceIdentifier":"vdisclose@cert-in.org.in","published":"2024-10-25T13:15:17.810","lastModified":"2024-11-14T21:44:53.280","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"This vulnerability exists in Matrix Door Controller Cosec Vega FAXQ due to improper implementation of session management at the web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http request on the vulnerable device.\n\nSuccessful exploitation of this vulnerability could allow remote attacker to gain unauthorized access and take complete control of the targeted device."},{"lang":"es","value":"Esta vulnerabilidad existe en Matrix Door Controller Cosec Vega FAXQ debido a una implementación incorrecta de la administración de sesiones en la interfaz de administración basada en web. Un atacante remoto podría aprovechar esta vulnerabilidad enviando una solicitud http especialmente manipulada en el dispositivo vulnerable. La explotación exitosa de esta vulnerabilidad podría permitir a un atacante remoto obtener acceso no autorizado y tomar el control total del dispositivo objetivo."}],"metrics":{"cvssMetricV40":[{"source":"vdisclose@cert-in.org.in","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"vdisclose@cert-in.org.in","type":"Secondary","description":[{"lang":"en","value":"CWE-288"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:matrixcomsec:cosec_vega_faxq_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"v2r17","matchCriteriaId":"555B4F91-2923-4F99-9FA5-61149CA5D1C5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:matrixcomsec:cosec_vega_faxq:-:*:*:*:*:*:*:*","matchCriteriaId":"C9156114-135B-4378-9315-A027E36910B3"}]}]}],"references":[{"url":"https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0328","source":"vdisclose@cert-in.org.in","tags":["Third Party Advisory"]}]}}]}