LeakyCreds

CVE-2026-24060 - Vulnerability Analysis

Critical | CVSS: 9.1

Last Updated: March 23, 2026

WebCTRL - Man in the Middle

Published: March 21, 2026
Updated: March 23, 2026
Remote Exploitable

Overview

WebCTRL transmits BACnet packets without encryption, allowing attackers to sniff and modify sensitive service information such as File Start Position and File Data over the network. Exploitation requires network access.

Severity & Score

Severity: Critical
CVSS Score: 9.1
EPSS Score: 2.0% (Probability of exploitation in next 30 days)

Impact

Attackers can intercept and modify sensitive BACnet service information, leading to information disclosure and data tampering.

Mitigation

Implement encryption for BACnet packet transmission or update to a version that secures network communications.

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Mar 21, 2026

🔓 CVE-2026-24060 - Critical (9.1) Service information is not encrypted when transmitted as BACnet packets over the wire, and can be sniffed, intercepted, and modified by an attacker. Valuable information such as the File Start Position and File Data can be sniffed from network ... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24060/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Details

CVE ID: CVE-2026-24060
Severity: Critical
CVSS Score: 9.1
Type: man_in_the_middle
Status: unconfirmed
EPSS: 2.0%
Social Posts: 1

CWE

  • CWE-319

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS Score

2.0% (Probability of exploitation in the next 30 days)