CVE-2026-24728
Unknown
Unknown - Not Provided
Missing Authentication in Interinfo DreamMaker /servlet/baServer3 Endpoint
Publication date: 2026-01-30
Last updated on: 2026-01-30
Assigner: ZUSO Advanced Research Team (ZUSO ART)
Description
Description
A missing authentication for critical function vulnerability in the /servlet/baServer3 endpoint of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to access exposed administrative functionality without prior authentication.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| interinfo | dreammaker | to 2025-10-22 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a missing authentication for a critical function in the /servlet/baServer3 endpoint of Interinfo DreamMaker versions before 2025/10/22. It allows remote attackers to access administrative functionality without needing to authenticate first.
How can this vulnerability impact me? :
Because attackers can access administrative functions without authentication, they could potentially control or manipulate the affected system remotely, leading to unauthorized changes, data breaches, or disruption of services.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70