Evolution Controller — Vulnerabilities & Security Advisories 9

All 9 CVE vulnerabilities found in Evolution Controller, with AI-generated Chinese analysis, references, and POCs.

Vendor: CS Technologies Australia

CVE ID	Title	CVSS	Severity	Published
CVE-2024-29844	Default credentials on web interface of Evolution Controller Versions allows attackers to login and perform administrative functions CWE-1392	9.8	Critical	2024-04-14
CVE-2024-29843	Broken Access control on MOBILE_GET_USERS_LIST in Evolution Controller allows unauthenticated user enumeration CWE-200	7.5	High	2024-04-14
CVE-2024-29842	Broken Access control on DESKTOP_EDIT_USER_GET_ABACARD_FIELDS in Evolution Controller allows unauthenticated attackers to retrieve ABACARD values CWE-200	7.5	High	2024-04-14
CVE-2024-29841	Broken Access control on DESKTOP_EDIT_USER_GET_KEYS_FIELDS in Evolution Controller allows unauthenticated attackers to retrieve keys values CWE-200	7.5	High	2024-04-14
CVE-2024-29840	Broken Access control on DESKTOP_EDIT_USER_GET_PIN_FIELDS in Evolution Controller allows unauthenticated attackers to retrieve PIN field values CWE-200	7.5	High	2024-04-14
CVE-2024-29839	Broken Access control on DESKTOP_EDIT_USER_GET_CARD in Evolution Controller allows unauthenticated attackers to retrieve card data values. CWE-200	7.5	High	2024-04-14
CVE-2024-29838	Unsanitised variable on DAL_ADD in Evolution Controller causes application level denial of service and crash CWE-457	7.5	High	2024-04-14
CVE-2024-29837	Poor session management in Evolution Controller allows administrator functionality for unauthenticated connections CWE-284	8.8	High	2024-04-14
CVE-2024-29836	Broken Authentication on USER_CHANGE in Evolution Controller allows unauthenticated account creation and takeover CWE-284	9.8	Critical	2024-04-14

All 9 known CVE vulnerabilities affecting Evolution Controller with full Chinese analysis, references, and POCs where available.