CVERadar

CVE-2024-7898

High Severity
Tosei-corporation
SVRS: 68/100
CVSSv3: 9.8/10
EPSS: 0.00148/1

CVE-2024-7898 in Tosei Online Store Management System allows for remote exploitation due to the use of default credentials. This critical vulnerability impacts the backend component of versions 4.02, 4.03, and 4.04. Although CVE-2024-7898 has a CVSS score of 9.8, SOCRadar's Vulnerability Risk Score (SVRS) is 68, indicating a substantial risk. The vulnerability is publicly disclosed and actively exploitable, posing a significant threat to systems using the affected Tosei Online Store Management System versions. Exploitation could lead to unauthorized access and data breaches, making immediate patching or mitigation crucial. Despite attempts to contact the vendor, no response has been received. Organizations using this system should prioritize addressing CVE-2024-7898 to prevent system compromise.

No tags available
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2024-08-17

2024-09-27
SOCRadar
AI Insight

Description

CVE-2024-7898 is a critical vulnerability in Tosei Online Store Management System 4.02/4.03/4.04. It allows remote attackers to exploit the use of default credentials, potentially leading to unauthorized access and control of the affected system.

Key Insights

  • High Severity: The SVRS of 74 indicates a high level of urgency and severity, requiring immediate attention.
  • Active Exploitation: The exploit has been publicly disclosed and may be actively used by attackers.
  • Vendor Unresponsiveness: The vendor has not responded to the disclosure, highlighting the need for proactive mitigation measures.

Mitigation Strategies

  • Update Software: Install the latest software updates from the vendor to patch the vulnerability.
  • Disable Default Credentials: Change any default credentials used in the system to prevent unauthorized access.
  • Implement Strong Authentication: Use multi-factor authentication or other strong authentication mechanisms to enhance security.
  • Monitor for Suspicious Activity: Regularly monitor system logs and network traffic for any suspicious activity that may indicate an exploit attempt.

Additional Information

  • Threat Actors/APT Groups: No specific threat actors or APT groups have been identified as actively exploiting this vulnerability.
  • Exploit Status: Active exploits have been published.
  • CISA Warnings: The Cybersecurity and Infrastructure Security Agency (CISA) has not issued a warning for this vulnerability.
  • In the Wild: There is no evidence that this vulnerability is currently being exploited in the wild.


Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

No news found for this CVE

Social Media

CVE-2024-7898 A vulnerability classified as critical was found in Tosei Online Store Management System ネット店舗管理システム 4.02/4.03/4.04. This vulnerability affects unknown code of the comp… https://t.co/5IvxDQOcSV

Affected Software

Configuration 1
Type | Vendor | Product
App | Tosei-corporation | online_store_management_system

References

Reference | Link
[email protected] | https://gist.github.com/b0rgch3n/3136cad95b09e42184fb2d78aae33651
[email protected] | https://vuldb.com/?ctiid.274906
[email protected] | https://vuldb.com/?id.274906
[email protected] | https://vuldb.com/?submit.386560

CWE Details

No CWE details found for this CVE
