Insufficiently protected credentials in Vigilant Fixed LPR Coms Box (BCAV1F2-C600) - CVE-2024-38285
Published: June 14, 2024
Vulnerability identifier: #VU92113
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-38285
CWE-ID: CWE-522
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Motorola
Affected software:
Vigilant Fixed LPR Coms Box (BCAV1F2-C600)
Vigilant Fixed LPR Coms Box (BCAV1F2-C600)
Detailed vulnerability description
The vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to the logs storing credentials are insufficiently protected. An attacker with physical access can use the open source tools and gain access to credentials on the system.
How to mitigate CVE-2024-38285
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.