
CVE-2024-28143: CWE-620 Unverified Password Change in Image Access GmbH Scan2Net

Severity: High
Published: Thu Dec 12 2024 (12/12/2024, 13:52:35 UTC)
Source: CVE Database V5
Vendor/Project: Image Access GmbH
Product: Scan2Net

Description

The password change function at /cgi/admin.cgi does not require the current/old password, which makes the application vulnerable to account takeover. An attacker can use this to forcefully set a new password within the -rsetpass+-aaction+- parameter for a user without knowing the old password, e.g. by exploiting a CSRF issue.

AI-Powered Analysis

Last updated: 11/03/2025, 23:57:55 UTC

Technical Analysis

CVE-2024-28143 is classified under CWE-620 (Unverified Password Change) and affects Image Access GmbH's Scan2Net product. The password change function at /cgi/admin.cgi does not require the requester to supply the account's current password before a new one is set. An attacker can therefore set a new password for a user through the -rsetpass+-aaction+- parameter (as named in the CVE record) without knowing the old one, for example by exploiting a CSRF issue so that an authenticated administrator's browser submits the request on the attacker's behalf. The result is account takeover, which compromises the confidentiality, integrity and availability of the device and can lead to data exfiltration, configuration changes or denial of service. The CVSS v3.1 base score of 8.4 reflects high impact and low attack complexity, with the attack vector rated Local (AV:L), no privileges required (PR:N) and no user interaction (UI:N). Two points deserve care when reading that vector: in CVSS v3.1, AV:L means Local rather than local network, and the CSRF route described above does depend on a logged-in victim's browser issuing the request, even though the flaw itself (no current-password check) needs no interaction once a request reaches the endpoint. No public exploits had been reported at the time of analysis, but the simplicity of the flaw makes it a serious concern for organizations using Scan2Net devices, particularly where secure document processing is essential.
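The following is an added illustration of the CWE-620 pattern described in the Description and Technical Analysis above; it is not Scan2Net code, and the in-memory credential store, session object, form field names (user, newpass, oldpass, csrf) and handler names are assumptions for the example. The vulnerable handler accepts a password change from any logged-in session with no current-password check and no anti-CSRF token, which is exactly what lets a forged cross-site request succeed; the hardened handler adds the three checks that close it.

```python
import hashlib
import hmac
import os
import secrets
from typing import Optional, Tuple


# Constructed in-memory credential store for this example; Scan2Net's real
# storage, CGI code and parameter handling are not public on this page.
def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Store:
    def __init__(self) -> None:
        self.users = {}  # name -> (salt, pbkdf2 hash)

    def set_password(self, name: str, password: str) -> None:
        salt = os.urandom(16)
        self.users[name] = (salt, _hash(password, salt))

    def verify(self, name: str, password: str) -> bool:
        rec = self.users.get(name)
        if rec is None:
            return False
        salt, stored = rec
        return hmac.compare_digest(stored, _hash(password, salt))


def new_session(user: str) -> dict:
    # Hypothetical session object: the logged-in user plus a per-session CSRF token.
    return {"user": user, "csrf": secrets.token_hex(16)}


def setpass_vulnerable(store: Store, session: Optional[dict], form: dict) -> Tuple[int, str]:
    """Mirrors the CWE-620 behaviour the CVE describes: a logged-in session can
    set any user's password with no current-password check and no CSRF token,
    so a request forged from the admin's browser by a cross-site page succeeds."""
    if session is None:
        return 401, "not logged in"
    store.set_password(form["user"], form["newpass"])  # overwrites unverified
    return 200, "password changed"


def setpass_hardened(store: Store, session: Optional[dict], form: dict) -> Tuple[int, str]:
    """Same endpoint with the checks the vulnerable version lacks."""
    if session is None:
        return 401, "not logged in"
    # 1. CSRF: the submitted token must match the one bound to this session.
    if not hmac.compare_digest(session["csrf"].encode(), form.get("csrf", "").encode()):
        return 403, "missing or invalid CSRF token"
    # 2. CWE-620 fix: re-verify the current password before accepting a new one.
    if not store.verify(session["user"], form.get("oldpass", "")):
        return 403, "current password incorrect"
    # 3. A session may only change the password of the account it belongs to.
    if form.get("user") != session["user"]:
        return 403, "cannot change another account's password"
    store.set_password(session["user"], form["newpass"])
    return 200, "password changed"


def demo() -> dict:
    """Replays a forged request against both handlers and returns the outcomes."""
    store = Store()
    store.set_password("admin", "correct horse")
    session = new_session("admin")
    # What a CSRF page can make the admin's browser send: no csrf token, no oldpass.
    forged = {"user": "admin", "newpass": "attacker-chosen"}
    vuln_status, _ = setpass_vulnerable(store, session, forged)
    takeover = store.verify("admin", "attacker-chosen")

    store.set_password("admin", "correct horse")  # reset for the hardened run
    hard_forged_status, _ = setpass_hardened(store, session, forged)
    legit = dict(forged, csrf=session["csrf"], oldpass="correct horse")
    hard_legit_status, _ = setpass_hardened(store, session, legit)
    return {
        "vulnerable_forged": vuln_status,
        "vulnerable_takeover": takeover,
        "hardened_forged": hard_forged_status,
        "hardened_legit": hard_legit_status,
        "hardened_new_password_works": store.verify("admin", "attacker-chosen"),
    }


if __name__ == "__main__":
    print(demo())
```

The constant-time comparisons matter for the CSRF token as well as the password hash; the per-session token is what breaks the cross-site forgery, and the current-password check is what turns an unverified password change into a verified one.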

Potential Impact

For European organizations this vulnerability puts document scanning and imaging infrastructure at risk. An unauthorized password reset hands the attacker the account, and with it access to scanned documents, the ability to alter device configuration, and the ability to disrupt scanning. That can mean a breach of confidential information, loss of operational availability, and compliance exposure under GDPR. Government, healthcare, legal and financial organizations that depend on secure document workflows are particularly exposed, and a compromised Scan2Net device can serve as a foothold for lateral movement within the internal network. The CVSS vector rates the attack vector as Local (AV:L), so the attacker is assumed to already have a path to the device's administrative interface, for example from a compromised internal host or a foothold gained through social engineering; the CSRF route named in the description additionally requires an administrator with a live session to load attacker-controlled content.

Mitigation Recommendations

Immediate mitigation: restrict access to the Scan2Net administrative interface to trusted network segments, and segment the scanner network so that only administrator workstations can reach /cgi/admin.cgi. A Web Application Firewall (WAF) or Intrusion Prevention System (IPS) in front of the device can flag or block requests to /cgi/admin.cgi that carry the password-change action without an Origin or Referer from the device itself, but this is a stopgap rather than a fix: the root cause (no current-password check and no anti-CSRF token in the password-change function) can only be corrected in the firmware. Monitor the device's web access logs for password changes, especially ones from unexpected source addresses, with a foreign or missing Referer, or arriving in bursts. Enforce strong network access controls, including VPNs and zero-trust principles, for any remote access. At the time of this analysis no official patch was reported as available, so organizations should contact Image Access GmbH for updates and apply the fix promptly once released. Where the firmware supports it, enable multi-factor authentication (MFA) on administrative accounts, bearing in mind that MFA at login does not by itself stop a CSRF-driven password change riding an already authenticated session. Security awareness training on phishing and social engineering remains worthwhile, since those are plausible routes to both the network access and the authenticated browser session the attack needs.
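The log-monitoring recommendation above can be turned into a concrete hunt. This is an added example, not tooling from Image Access GmbH or from this page: it assumes the device (or a reverse proxy in front of it) writes Apache combined-format access logs, that the device answers as scanner.corp.example, and that the password-change action is recognisable by the string setpass in the /cgi/admin.cgi query. The sample log lines are constructed for the example. It flags password-change requests whose Referer is missing or from another origin (the shape a CSRF-triggered request takes) and repeated password changes from one source address.

```python
import re
from collections import Counter
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Apache combined log format (assumed; the device's real format is not documented here).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

DEVICE_HOST = "scanner.corp.example"  # assumed hostname of the Scan2Net device

# Constructed sample: one legitimate change, one triggered from a foreign page,
# one scripted change with no Referer, an unrelated request, then a third
# change from the first address.
SAMPLE_LOG = """\
10.0.5.20 - - [12/Dec/2024:09:01:11 +0100] "GET /cgi/admin.cgi?-rsetpass+-aaction+-&user=admin&newpass=x HTTP/1.1" 200 512 "https://scanner.corp.example/admin.html" "Mozilla/5.0"
10.0.5.20 - - [12/Dec/2024:09:03:40 +0100] "GET /cgi/admin.cgi?-rsetpass+-aaction+-&user=admin&newpass=y HTTP/1.1" 200 512 "http://attacker.example/lure.html" "Mozilla/5.0"
10.0.5.77 - - [12/Dec/2024:09:05:02 +0100] "GET /cgi/admin.cgi?-rsetpass+-aaction+-&user=scanop&newpass=z HTTP/1.1" 200 512 "-" "curl/8.4.0"
10.0.5.20 - - [12/Dec/2024:09:06:00 +0100] "GET /cgi/index.cgi HTTP/1.1" 200 2048 "https://scanner.corp.example/" "Mozilla/5.0"
10.0.5.20 - - [12/Dec/2024:09:07:15 +0100] "GET /cgi/admin.cgi?-rsetpass+-aaction+-&user=admin&newpass=w HTTP/1.1" 200 512 "https://scanner.corp.example/admin.html" "Mozilla/5.0"
"""


def parse(line: str) -> Optional[dict]:
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_setpass(req: dict) -> bool:
    # Password-change action on the admin CGI; the marker string is an assumption.
    return req["path"].startswith("/cgi/admin.cgi") and "setpass" in req["path"]


def referer_is_foreign(referer: str) -> bool:
    # No Referer at all: the request cannot be shown to come from the device's own UI.
    if referer in ("", "-"):
        return True
    return urlsplit(referer).hostname != DEVICE_HOST


def find_suspicious(lines: List[str], burst_threshold: int = 3) -> List[Tuple[str, str, str, List[str]]]:
    """Returns (ip, timestamp, path, reasons) for each password change worth a look."""
    findings = []
    per_ip = Counter()
    for line in lines:
        req = parse(line)
        if req is None or not is_setpass(req):
            continue
        per_ip[req["ip"]] += 1
        reasons = []
        if referer_is_foreign(req["referer"]):
            reasons.append("foreign-or-missing-referer")
        if per_ip[req["ip"]] >= burst_threshold:
            reasons.append("repeated-setpass")
        if reasons:
            findings.append((req["ip"], req["ts"], req["path"], reasons))
    return findings


def analyze_sample() -> List[Tuple[str, str, str, List[str]]]:
    return find_suspicious(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for ip, ts, path, reasons in analyze_sample():
        print(f"{ts} {ip} {path} -> {', '.join(reasons)}")
```

Referer can be suppressed by browser referrer policy and is trivially set by a scripted client, so a missing or foreign Referer is a triage signal rather than proof; if the proxy logs Sec-Fetch-Site, its cross-site value is the stronger indicator. The burst rule catches the case where the attacker, having taken the account, rotates passwords on several accounts in quick succession.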


Technical Details

Data Version
5.2
Assigner Short Name
SEC-VLab
Date Reserved
2024-03-05T09:15:40.202Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 69092621fe7723195e0b46fa

Added to database: 11/3/2025, 10:01:05 PM

Last enriched: 11/3/2025, 11:57:55 PM

Last updated: 11/5/2025, 1:52:29 PM

