本ページは proges sensor_net_connect_firmware_v2 に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2024-3083 | A “CWE-352: Cross-Site Request Forgery (CSRF)” can be exploited by remote attackers to perform state-changing operations with administrative privileges by luring authenticated victims into visiting a malicious web page. | [email protected] | 8.3 | 0.21% | 2024-07-31 | 2026-06-17 |
| CVE-2024-3082 | A “CWE-256: Plaintext Storage of a Password” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext unless specific security measures at other layers (e.g., full-disk encryption) have been enabled. | [email protected] | 4.2 | 0.07% | 2024-07-31 | 2026-06-17 |
| CVE-2024-31200 | A “CWE-201: Insertion of Sensitive Information Into Sent Data” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext when an administrative session is open in the browser. | [email protected] | 4.2 | 0.19% | 2024-07-31 | 2026-06-17 |
| CVE-2024-31199 | A “CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')” allows malicious users to permanently inject arbitrary Javascript code. | [email protected] | 8.8 | 0.30% | 2024-07-31 | 2026-06-17 |