CVE-2024-8692

Summary

CVE-2024-8692 is a critical vulnerability affecting TDuckCloud TDuckPro versions up to 6.3, specifically related to a weak password recovery function that can be exploited remotely. The vulnerability allows attackers to manipulate the password recovery process without requiring authentication, posing a potential risk of unauthorized access to user accounts. Affected products include various models identified as ygwDpW, ygwTCP, ygwDpX, and ygwTCQ. Remediation steps have not been publicly provided by the vendor, who was contacted about the disclosure but did not respond. The vulnerability has an exploitability score of 3.9 and a base severity rating of medium (5.3), indicating that while it requires low complexity for exploitation, it can still lead to partial integrity impact on affected systems.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.