CVE-2024-51558

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 4, 2024

Updated: Nov 8, 2024

CWE ID 307

Summary

CVE-2024-51558 is a vulnerability affecting Wave 2.0 that stems from insufficient restrictions on API-based login attempts. An unauthorized remote attacker can exploit this weakness by executing a brute force attack on legitimate user credentials, such as One-Time Passwords (OTP), Mobile PINs (MPIN), or passwords. Successful exploitation could grant the attacker unauthorized access, potentially compromising multiple user accounts.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/z-imxj
https://www.cve.org/CVERecord?id=CVE-2024-51558
https://nvd.nist.gov/vuln/detail/CVE-2024-51558

Back to Vulnerability Database

CVE-2024-51558

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations