Insufficiently protected credentials in Vigilant Fixed LPR Coms Box (BCAV1F2-C600) - CVE-2024-38285

 

Insufficiently protected credentials in Vigilant Fixed LPR Coms Box (BCAV1F2-C600) - CVE-2024-38285

Published: June 14, 2024


Vulnerability identifier: #VU92113
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-38285
CWE-ID: CWE-522
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Motorola
Affected software:
Vigilant Fixed LPR Coms Box (BCAV1F2-C600)

Detailed vulnerability description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to the logs storing credentials are insufficiently protected. An attacker with physical access can use the open source tools and gain access to credentials on the system.


How to mitigate CVE-2024-38285

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Sources