CVE-2024-14034

Critical CVSS: 9.3

Hirschmann HiEOS devices versions prior to 01.1.00 contain an authentication bypass vulnerability in the HTTP(S) management module that allows unauthenticated remote attackers to gain administrative access by sending specially crafted HTTP(S) requests. Attackers can exploit improper authentication handling to obtain elevated privileges and perform unauthorized actions including configuration download or upload and firmware modification.

Vendor

Product

CWE

CWE-287

Yayın Tarihi

2026-04-02 20:16:19

Güncelleme

2026-04-03 23:17:01

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-287 CRITICAL 2026

Referanslar

https://assets.belden.com/m/7ec5c6da25ef288/original/Belden_Security_Bulletin_BSECV-2024-02_1v0.pdf https://www.vulncheck.com/advisories/hirschmann-hieos-authentication-bypass-via-http-management-module