CVE-2024-1272: CWE-540 Inclusion of Sensitive Information in Source Code in TNB Mobile Solutions Cockpit Software
Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data. This issue affects Cockpit Software: before v0.251.1.
AI Analysis
Technical Summary
This vulnerability (CWE-540) in TNB Mobile Solutions Cockpit Software allows an unauthenticated attacker to retrieve sensitive information embedded in the source code. The affected versions are those before v0.251.1. The CVSS 3.1 base score is 7.5, reflecting a network attack vector with low attack complexity, no privileges required, no user interaction, and a high impact on confidentiality. No official remediation level or patch information is currently available, and the product is not a cloud service.
Potential Impact
Successful exploitation results in disclosure of sensitive information embedded in the source code, potentially exposing confidential data. There is no impact on integrity or availability. This could lead to further attacks if the sensitive data includes credentials or keys.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, avoid using affected versions prior to v0.251.1 and monitor vendor communications for updates.
CVE-2024-1272: CWE-540 Inclusion of Sensitive Information in Source Code in TNB Mobile Solutions Cockpit Software
Description
Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data. This issue affects Cockpit Software: before v0.251.1.
CVSS v3.1
Score 7.5high
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CWE-540) in TNB Mobile Solutions Cockpit Software allows an unauthenticated attacker to retrieve sensitive information embedded in the source code. The affected versions are those before v0.251.1. The CVSS 3.1 base score is 7.5, reflecting a network attack vector with low attack complexity, no privileges required, no user interaction, and a high impact on confidentiality. No official remediation level or patch information is currently available, and the product is not a cloud service.
Potential Impact
Successful exploitation results in disclosure of sensitive information embedded in the source code, potentially exposing confidential data. There is no impact on integrity or availability. This could lead to further attacks if the sensitive data includes credentials or keys.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, avoid using affected versions prior to v0.251.1 and monitor vendor communications for updates.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- TR-CERT
- Date Reserved
- 2024-02-06T12:32:59.239Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a204ceae29bf47b50ca129d
Added to database: 6/3/2026, 3:48:58 PM
Last enriched: 6/3/2026, 4:04:51 PM
Last updated: 6/4/2026, 5:08:10 AM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.