CVE-2024-29844

9.8 CRITICAL

📋 TL;DR

CVE-2024-29844 is a critical authentication bypass vulnerability in the Evolution Controller 2.x web interface that allows attackers to log in using default credentials. It affects all Evolution Controller 2.x installations where administrators have not manually changed the default password. A successful login gives the attacker full administrative access to the controller system.

💻 Affected Systems

Products:
  • Evolution Controller
Versions: 2.x
Operating Systems: Not specified - likely embedded/controller OS
Default Config Vulnerable: ⚠️ Yes
Notes: All fresh installations and systems where default credentials were never changed are vulnerable. The system does not force password change on first login.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to reconfigure the controller, disable security controls, access sensitive data, and potentially pivot to other systems in the network.

🟠 Likely Case

Unauthorized administrative access leading to configuration changes, data theft, and potential disruption of controlled systems.

🟢 If Mitigated

No impact if default credentials were changed during initial setup or if network access controls prevent external access.

🌐 Internet-Facing: HIGH - Any internet-facing Evolution Controller with default credentials is trivially exploitable.
🏢 Internal Only: HIGH - Even internally, any user on the network can exploit this without authentication.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only knowledge of default credentials and network access to the web interface. No technical skills needed beyond basic web navigation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in references

Vendor Advisory: Not provided in references

Restart Required: No

Instructions:

1. Log into Evolution Controller web interface
2. Navigate to administration/user settings
3. Change default password to a strong, unique password
4. Ensure all administrative accounts have strong passwords

🔧 Temporary Workarounds

Network Access Control (scope: all)

Restrict network access to Evolution Controller web interface using firewall rules

IP Whitelisting (scope: all)

Configure web interface to only accept connections from trusted IP addresses

🧯 If You Can't Patch

  • Immediately change all default passwords to strong, unique credentials
  • Implement network segmentation to isolate Evolution Controller from untrusted networks

🔍 How to Verify

Check if Vulnerable:

Attempt to log into Evolution Controller web interface using default credentials (check vendor documentation for specific defaults)

Check Version:

Check version in web interface administration panel or system information page

Verify Fix Applied:

Verify that default credentials no longer work and strong passwords are required for all accounts

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed login attempts followed by successful login with default credentials
  • Administrative actions from unexpected IP addresses

Network Indicators:

  • HTTP requests to administrative endpoints from unauthorized sources
  • Traffic patterns indicating configuration changes

SIEM Query:

source="evolution-controller" AND ((event_type="login" AND result="success" AND user="admin") OR (event_type="configuration_change" AND source_ip NOT IN [trusted_ips]))

Note: the outer parentheses matter. Without them, AND binds more tightly than OR in most SIEM query languages, so the source="evolution-controller" filter would apply only to the login clause and the configuration-change clause would match events from every source.
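The log and network indicators above, together with the trusted-IP idea from the IP Whitelisting workaround, can be turned into a small offline detector. The following is an added example, not code from the advisory or the vendor: the log line format, the field names (user, src, result, item), the event names (login, config_change), the admin user name taken from the SIEM query, the trusted management network 10.0.5.0/24 and the sample log lines are all constructed assumptions and must be adapted to the real controller's logging.

```python
"""Offline detection for CVE-2024-29844-style default-credential abuse.

Added example (not from the advisory or vendor). Raises an alert when:
  * an admin login succeeds from outside the trusted management network,
  * a successful login follows several failures from the same user/source
    within a short window (the "failed attempts then success" indicator),
  * a configuration change originates from an untrusted source.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
import re

# Constructed sample log lines in an assumed syslog-like format.
# These are NOT real Evolution Controller log records.
SAMPLE_LOGS = """\
2024-05-01T10:00:01Z evolution-controller login user=admin src=203.0.113.7 result=fail
2024-05-01T10:00:04Z evolution-controller login user=admin src=203.0.113.7 result=fail
2024-05-01T10:00:09Z evolution-controller login user=admin src=203.0.113.7 result=success
2024-05-01T10:01:30Z evolution-controller config_change user=admin src=203.0.113.7 item=network.acl
2024-05-01T11:15:00Z evolution-controller login user=operator src=10.0.5.20 result=success
2024-05-01T11:16:00Z evolution-controller config_change user=operator src=10.0.5.20 item=schedule
"""

# Assumption: the management VLAN that is allowed to reach the web interface.
TRUSTED_NETS = [ip_network("10.0.5.0/24")]

# Assumption: the default administrative account name (as in the SIEM query).
ADMIN_USER = "admin"

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<event>\S+) (?P<kv>.*)$")


@dataclass
class Event:
    ts: datetime
    host: str
    event: str
    fields: dict


def parse_line(line):
    """Parse one assumed-format log line into an Event, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("kv").split())
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    return Event(ts, m.group("host"), m.group("event"), fields)


def is_trusted(ip):
    """True if the source address lies inside one of the trusted networks."""
    addr = ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)


def detect(lines, fail_threshold=2, window=timedelta(minutes=5)):
    """Return a list of (alert_kind, timestamp, user, src) tuples in log order."""
    events = [e for e in map(parse_line, lines) if e]
    alerts = []
    recent_fails = {}  # (user, src) -> timestamps of recent failed logins
    for e in events:
        src = e.fields.get("src", "")
        user = e.fields.get("user", "")
        if e.event == "login":
            key = (user, src)
            if e.fields.get("result") == "fail":
                recent_fails.setdefault(key, []).append(e.ts)
            elif e.fields.get("result") == "success":
                fails = [t for t in recent_fails.get(key, []) if e.ts - t <= window]
                if user == ADMIN_USER and not is_trusted(src):
                    alerts.append(("admin_login_untrusted_src", e.ts, user, src))
                if len(fails) >= fail_threshold:
                    alerts.append(("success_after_failures", e.ts, user, src))
                recent_fails.pop(key, None)
        elif e.event == "config_change" and not is_trusted(src):
            alerts.append(("config_change_untrusted_src", e.ts, user, src))
    return alerts


if __name__ == "__main__":
    for kind, ts, user, src in detect(SAMPLE_LOGS.splitlines()):
        print(f"{ts.isoformat()} {kind} user={user} src={src}")
```

Run against the constructed sample, the detector flags the three events from 203.0.113.7 (the admin login from an untrusted address, the success preceded by two failures, and the configuration change) and stays silent for the operator session from the trusted 10.0.5.0/24 network. The window and failure threshold are tuning knobs; on a real deployment, start from the address set used in the firewall or whitelist rules so the detector and the network control agree on what "trusted" means.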

🔗 References
