Main Vulnerability Database Vulnerabilities #VU96920

#VU96920 Insufficiently protected credentials in WL3000 Fusion Software - CVE-2024-39278

Published: September 6, 2024

Vulnerability identifier: #VU96920

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-39278

CWE-ID: CWE-522

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
WL3000 Fusion Software

Software vendor:
Hughes Network Systems

Description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to the credentials to access device configuration information are stored unencrypted in flash memory. An attacker with physical access can gain access to network configuration information and terminal configuration data.

Remediation

Install updates from vendor's website.

External links

https://www.cisa.gov/news-events/ics-advisories/icsa-24-249-01

#VU96920 Insufficiently protected credentials in WL3000 Fusion Software - CVE-2024-39278

Description

Remediation

External links

Please verify you're human