Insufficiently protected credentials in WL3000 Fusion Software - CVE-2024-39278
Published: September 6, 2024
Vulnerability identifier: #VU96920
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-39278
CWE-ID: CWE-522
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Hughes Network Systems
Affected software:
WL3000 Fusion Software
WL3000 Fusion Software
Detailed vulnerability description
The vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to the credentials to access device configuration information are stored unencrypted in flash memory. An attacker with physical access can gain access to network configuration information and terminal configuration data.
How to mitigate CVE-2024-39278
Install updates from vendor's website.