Main Vulnerability Database SB2024093002

SB2024093002 - Multiple vulnerabilities in Smart-tab

Published: September 30, 2024

Security Bulletin ID SB2024093002

Severity

Low

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Physical access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Active Debug Code (CVE-ID: CVE-2024-41999)

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to the active debug code issue. An attacker with physical access can exploit the debug function to gain access to the OS functions and escalate the privilege.

2) Unprotected storage of credentials (CVE-ID: CVE-2024-42496)

The vulnerability allows a local attacker to gain access to sensitive information.

The vulnerability exists due to application stored credentials in plain text in a configuration file on the system. An attacer with physical access can retrieve the credential information and spoof the device to access the related external service.

Remediation

Install update from vendor's website.

References

https://jvn.jp/en/jp/JVN42445661/index.html