CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9929
https://notcve.org/view.php?id=CVE-2024-9929
26 Nov 2024 — A vulnerability exists in NSD570 that allows any authenticated user to access all device logs disclosing login information with timestamps. A vulnerability exists in NSD570 that allows any authenticated user to access all device logs disclosing login information with timestamps. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000173&LanguageCode=en&DocumentPartId=&Action=launch • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9928
https://notcve.org/view.php?id=CVE-2024-9928
26 Nov 2024 — A vulnerability exists in NSD570 login panel that does not restrict excessive authentication attempts. If exploited, this could cause account takeover and unauthorized access to the system when an attacker conducts brute-force attacks against the equipment login. Note that the system supports only one concurrent session and implements a delay of more than a second between failed login attempts making it difficult to automate the attacks. A vulnerability exists in NSD570 login panel that does not restrict ex... • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000173&LanguageCode=en&DocumentPartId=&Action=launch • CWE-307: Improper Restriction of Excessive Authentication Attempts •