CVE-2024-32210 – CVE-2024-32210 is a hard-coded credential vulne... (How to Fix)

Q: What is the severity of CVE-2024-32210?

CVE-2024-32210 has a CVSS score of 5.3 (MEDIUM). CVE-2024-32210 is a hard-coded credential vulnerability in LoMag WareHouse Management application versions 1.0.20.120 and older. This allows attackers to bypass authentication and potentially access sensitive data or systems using default passwords. Organizations using affected versions of this warehouse management software are at risk.

📋 TL;DR

CVE-2024-32210 is a hard-coded credential vulnerability in LoMag WareHouse Management application versions 1.0.20.120 and older. This allows attackers to bypass authentication and potentially access sensitive data or systems using default passwords. Organizations using affected versions of this warehouse management software are at risk.

💻 Affected Systems

Products:

LoMag WareHouse Management

Versions: 1.0.20.120 and older

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Affects default installations with hard-coded passwords for forms and SQL connections.

📦 What is this software?

Lomag Warehouse Management by Logint

View all CVEs affecting Lomag Warehouse Management →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the warehouse management system, unauthorized data access/modification, potential lateral movement to connected systems, and business disruption.

🟠

Likely Case

Unauthorized access to warehouse management data, inventory manipulation, and potential data exfiltration.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls, though the vulnerability still exists.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires knowledge of hard-coded credentials but no authentication needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to version newer than 1.0.20.120 if available.

🔧 Temporary Workarounds

Change Default Credentials

windows

Manually change all hard-coded passwords in application configuration and SQL connection settings

Network Segmentation

all

Isolate the warehouse management system from other networks and restrict access

🧯 If You Can't Patch

Implement strict network access controls and firewall rules to limit system access
Monitor for unauthorized access attempts and review logs regularly

🔍 How to Verify

Check if Vulnerable:

Check application version in settings or about dialog. If version is 1.0.20.120 or older, system is vulnerable.

Check Version:

Check application interface or configuration files for version information

Verify Fix Applied:

Verify that all default passwords have been changed and test authentication with known default credentials.

📡 Detection & Monitoring

Log Indicators:

Failed authentication attempts with default credentials
Successful logins from unusual locations/times

Network Indicators:

Unusual database connection patterns
Traffic to warehouse management system from unauthorized sources

SIEM Query:

source="warehouse_app" AND (event_type="auth_failure" OR event_type="auth_success")

📊 Metadata

CVE ID: CVE-2024-32210

CVSS v3 Score: 5.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE: CWE-259

Published: May 1, 2024

Last Updated: September 19, 2025

🔗 References

https://gainsec.com/2024/04/28/cve-2024-32210-cve-2024-32211-cve-2024-32212-cve-2024-32213-lomag-integrator-ce-warehouse-management/ Exploit,Third Party Advisory
https://gainsec.com/2024/04/28/cve-2024-32210-cve-2024-32211-cve-2024-32212-cve-2024-32213-lomag-integrator-ce-warehouse-management/ Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-32210, you might also want to check these: