Search criteria
1 vulnerability by EveHome
CVE-2024-5743 (GCVE-0-2024-5743)
Vulnerability from cvelistv5 – Published: 2025-01-13 17:25 – Updated: 2025-01-13 18:25
VLAI?
Title
Command Injection Vulnerability
Summary
An attacker could exploit the 'Use of Password Hash With Insufficient Computational Effort' vulnerability in EveHome Eve Play to execute arbitrary code.
This issue affects Eve Play: through 1.1.42.
Severity ?
9.8 (Critical)
CWE
- CWE-916 - Use of Password Hash With Insufficient Computational Effort
Assigner
References
Credits
ABB PSIRT thanks the following parties for their efforts: Ville Salmela for reporting the vulnerabilities through responsible disclosure.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5743",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T18:25:40.080233Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T18:25:58.273Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Eve Play",
"vendor": "EveHome",
"versions": [
{
"lessThanOrEqual": "1.1.42",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ABB PSIRT thanks the following parties for their efforts: Ville Salmela for reporting the vulnerabilities through responsible disclosure."
}
],
"datePublic": "2025-01-12T19:31:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn attacker could exploit the \u0027Use of Password Hash With Insufficient Computational Effort\u0027 vulnerability in EveHome Eve Play to execute arbitrary code.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects Eve Play: through 1.1.42.\u003c/p\u003e"
}
],
"value": "An attacker could exploit the \u0027Use of Password Hash With Insufficient Computational Effort\u0027 vulnerability in EveHome Eve Play to execute arbitrary code.\n\nThis issue affects Eve Play: through 1.1.42."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-916",
"description": "CWE-916 Use of Password Hash With Insufficient Computational Effort",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T17:25:49.740Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"url": "https://www.evehome.com/en-us/security-content"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The issue is resolved in the version to:\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003e1.1.43 or later.\u0026nbsp;\u003c/span\u003e\u003cbr\u003e\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "The issue is resolved in the version to:\u00a01.1.43 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command Injection Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2024-5743",
"datePublished": "2025-01-13T17:25:49.740Z",
"dateReserved": "2024-06-07T12:34:00.963Z",
"dateUpdated": "2025-01-13T18:25:58.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}