CVE-2024-51983

High

An unauthenticated attacker who can connect to the Web Services feature (HTTP TCP port 80) can issue a WS-Scan SOAP request containing an…

rapid7·CWE-1286·Published 2025-06-25

CVSS

7.5

EPSS

0.07

KEV

Exploits

cve.orgen

304 chars

An unauthenticated attacker who can connect to the Web Services feature (HTTP TCP port 80) can issue a WS-Scan SOAP request containing an unexpected JobToken value which will crash the target device. The device will reboot, after which the attacker can reissue the command to repeatedly crash the device.

NVDen

304 chars

NVDes

331 chars

Un atacante no autenticado que pueda conectarse a la función de Servicios Web (puerto HTTP TCP 80) puede emitir una solicitud SOAP WS-Scan con un valor JobToken inesperado que bloqueará el dispositivo objetivo. El dispositivo se reiniciará, tras lo cual el atacante puede volver a ejecutar el comando para bloquearlo repetidamente.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	7.5	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.1	Secondary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H