NGDIN_ST v2.0D.0062 - Multiple Vulnerabilities

CVE ID

CVE-2024-4225

Description

Multiple security vulnerabilities have been discovered in the web interface of the NetGuardian DIN Remote Telemetry Unit (RTU) by DPS Telecom. Attackers can exploit these vulnerabilities to perform critical actions such as escalating a user's privileges, stealing a user's credentials, Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF).

Tested Versions

NGDIN_ST v2.0D.0062

Details

The NetGuardian DIN Remote Telemetry Unit (RTU) is an RTU that helps to monitor the environment level. It provides a web interface for monitoring and configuration.

Timeline

  • 2023-12-15 - Vendor Disclosure
  • 2024-04-29 - Public Release

Credit

Discovered by Tan Inn Fung and Goh Jing Loon of Govtech.