{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-16T19:40:39.757","vulnerabilities":[{"cve":{"id":"CVE-2024-22894","sourceIdentifier":"cve@mitre.org","published":"2024-01-30T10:15:09.833","lastModified":"2024-11-21T08:56:45.447","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue fixed in AIT-Deutschland Alpha Innotec Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later and Novelan Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later, allows remote attackers to execute arbitrary code via the password component in the shadow file."},{"lang":"es","value":"Un problema en AIT-Deutschland Alpha Innotec Heatpumps wp2reg-V.3.88.0-9015 y Novelan Heatpumps wp2reg-V.3.88.0-9015 permite a atacantes remotos ejecutar código arbitrario a través del componente de contraseña en el archivo sombra."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-326"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-326"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:alpha-innotec:heat_pumps_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.88.3","matchCriteriaId":"0748DE3E-9C10-4E55-9CE2-2FC142C70AA2"},{"vulnerable":true,"criteria":"cpe:2.3:o:alpha-innotec:heat_pumps_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.89.0","matchCriteriaId":"1AB21F68-A56D-44F4-9E8F-35FE4F633276"},{"vulnerable":true,"criteria":"cpe:2.3:o:alpha-innotec:heat_pumps_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.81.3","matchCriteriaId":"AF001062-843A-48C0-BBB1-39EF0169FF04"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:alpha-innotec:heat_pumps:-:*:*:*:*:*:*:*","matchCriteriaId":"D87D8C1B-B1F7-4FC4-B857-5BEEA2A8C74F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:novelan:heat_pumps_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.88.3","matchCriteriaId":"DDDB466A-0CC1-4C7B-914A-BEC7A3AFA835"},{"vulnerable":true,"criteria":"cpe:2.3:o:novelan:heat_pumps_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.89.0","matchCriteriaId":"F60C4875-FB5D-41A8-8FCC-EEF050BDE9A3"},{"vulnerable":true,"criteria":"cpe:2.3:o:novelan:heat_pumps_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.81.3","matchCriteriaId":"9DFEEE56-A799-4CCD-A33B-83A0177FCF71"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:novelan:heat_pumps:-:*:*:*:*:*:*:*","matchCriteriaId":"80BCEF4F-B08E-4776-94D9-EABA4F3BE412"}]}]}],"references":[{"url":"https://github.com/Jaarden/AlphaInnotec-Password-Vulnerability/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/Jaarden/CVE-2024-22894","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/Jaarden/AlphaInnotec-Password-Vulnerability/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/Jaarden/CVE-2024-22894","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}