cve/2024/CVE-2024-2412.md

### [CVE-2024-2412](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2412)
![](https://img.shields.io/static/v1?label=Product&message=Epage&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Rpage&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=earlier%20version%3C%3D%20v3.0.106.20231112%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=earlier%20version%3C%3D%20v5.4.103.20231111%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%3A%20Improper%20Access%20Control&color=brighgreen)

### Description

The disabling function of the user registration page for Heimavista Rpage and Epage is not properly implemented, allowing remote attackers to complete user registration on sites where user registration is supposed to be disabled.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds