Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

1 vulnerability by EveHome

CVE-2024-5743 (GCVE-0-2024-5743)

Vulnerability from cvelistv5 – Published: 2025-01-13 17:25 – Updated: 2025-01-13 18:25
VLAI?
Title
Command Injection Vulnerability
Summary
An attacker could exploit the 'Use of Password Hash With Insufficient Computational Effort' vulnerability in EveHome Eve Play to execute arbitrary code. This issue affects Eve Play: through 1.1.42.
Severity ?
9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-916 - Use of Password Hash With Insufficient Computational Effort
Assigner
ABB
References
Impacted products
Vendor Product Version
EveHome Eve Play Affected: 0 , ≤ 1.1.42 (custom)
Create a notification for this product.
Date Public ?
2025-01-12 19:31
Credits
ABB PSIRT thanks the following parties for their efforts: Ville Salmela for reporting the vulnerabilities through responsible disclosure.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5743",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-13T18:25:40.080233Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-13T18:25:58.273Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Eve Play",
          "vendor": "EveHome",
          "versions": [
            {
              "lessThanOrEqual": "1.1.42",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "ABB PSIRT thanks the following parties for their efforts: Ville Salmela for reporting the vulnerabilities through responsible disclosure."
        }
      ],
      "datePublic": "2025-01-12T19:31:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn attacker could exploit the \u0027Use of Password Hash With Insufficient Computational Effort\u0027 vulnerability in EveHome Eve Play to execute arbitrary code.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects Eve Play: through 1.1.42.\u003c/p\u003e"
            }
          ],
          "value": "An attacker could exploit the \u0027Use of Password Hash With Insufficient Computational Effort\u0027 vulnerability in EveHome Eve Play to execute arbitrary code.\n\nThis issue affects Eve Play: through 1.1.42."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-916",
              "description": "CWE-916 Use of Password Hash With Insufficient Computational Effort",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-13T17:25:49.740Z",
        "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "shortName": "ABB"
      },
      "references": [
        {
          "url": "https://www.evehome.com/en-us/security-content"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The issue is resolved in the version to:\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003e1.1.43 or later.\u0026nbsp;\u003c/span\u003e\u003cbr\u003e\n\n\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "The issue is resolved in the version to:\u00a01.1.43 or later."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Command Injection Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
    "assignerShortName": "ABB",
    "cveId": "CVE-2024-5743",
    "datePublished": "2025-01-13T17:25:49.740Z",
    "dateReserved": "2024-06-07T12:34:00.963Z",
    "dateUpdated": "2025-01-13T18:25:58.273Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}