CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-0676

Weak password requirement vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version , which allows a local user to interact with the machine where the application is installed, retrieve stored hashes from the machine and crack long 4-character passwords using a dictionary attack.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 6.5%

CVSS Severity

CVSS v3 Score 5.6

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines

Products affected by CVE-2024-0676

Lamassu » Douro » Version: N/A

cpe:2.3:h:lamassu:douro:-
Lamassu » Douro Ii » Version: N/A

cpe:2.3:h:lamassu:douro_ii:-
Lamassu » Douro Firmware » Version: 7.1

cpe:2.3:o:lamassu:douro_firmware:7.1
Lamassu » Douro Ii Firmware » Version: 7.1

cpe:2.3:o:lamassu:douro_ii_firmware:7.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-0676

Products

Pricing

Contact Us