
Description

Hirschmann HiEOS devices running versions prior to 01.1.00 contain an authentication bypass vulnerability in the HTTP(S) management module that allows unauthenticated remote attackers to gain administrative access by sending specially crafted HTTP(S) requests. Attackers can exploit improper authentication handling to obtain elevated privileges and perform unauthorized actions, including configuration download or upload and firmware modification.

PUBLISHED Reserved 2026-04-01 | Published 2026-04-02 | Updated 2026-05-14 | Assigner VulnCheck




CRITICAL: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CRITICAL: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)

Problem types

Improper Authentication (CWE-287)

Product status

Default status: unaffected

Any version before 01.1.00: affected

References

assets.belden.com/...Security_Bulletin_BSECV-2024-02_1v0.pdf (Belden Security Bulletins) vendor-advisory

www.vulncheck.com/...ation-bypass-via-http-management-module third-party-advisory

cve.org (CVE-2024-14034)

nvd.nist.gov (CVE-2024-14034)
