CVE-2024-14034

CRITICAL NVD

CVSS Score 9.8

Severity CRITICAL

Published Apr 02, 2026

Vendor unknown

Description

Hirschmann HiEOS devices contain an authentication bypass vulnerability in the HTTP(S) management module that allows unauthenticated remote attackers to gain administrative access by sending specially crafted HTTP(S) requests. Attackers can exploit improper authentication handling to obtain elevated privileges and perform unauthorized actions including configuration download or upload and firmware modification.

References

https://assets.belden.com/m/7ec5c6da25ef288/original/Belden_Security_Bulletin_BSECV-2024-02_1v0.pdf