Multiple vulnerabilities in RoamWiFi R10
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2024-31406 CVE-2024-32051 |
| CWE-ID | CWE-489 CWE-532 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software |
RoamWiFi R10 Hardware solutions / Routers & switches, VoIP, GSM, etc |
| Vendor | RoamWiFi Technology |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Active Debug Code
EUVDB-ID: #VU88993
Risk: Medium
CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-31406
CWE-ID:
CWE-489 - Active Debug Code
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the active debug code issue. A remote attacker on the local network can perform unauthorized operations.
MitigationInstall updates from vendor's website.
Vulnerable software versionsRoamWiFi R10: All versions
CPE2.3 External linkshttps://www.roamwifi.hk/product.jsp
https://jvn.jp/en/jp/JVN62737544/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Inclusion of Sensitive Information in Log Files
EUVDB-ID: #VU88994
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-32051
CWE-ID:
CWE-532 - Information Exposure Through Log Files
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to software stores sensitive information into log files. A remote attacker on the local network can read the log files and gain access to sensitive data.
MitigationInstall updates from vendor's website.
Vulnerable software versionsRoamWiFi R10: All versions
CPE2.3 External linkshttps://www.roamwifi.hk/product.jsp
https://jvn.jp/en/jp/JVN62737544/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
