Insufficiently protected credentials in WL3000 Fusion Software - CVE-2024-39278

 

Insufficiently protected credentials in WL3000 Fusion Software - CVE-2024-39278

Published: September 6, 2024


Vulnerability identifier: #VU96920
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-39278
CWE-ID: CWE-522
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Hughes Network Systems
Affected software:
WL3000 Fusion Software

Detailed vulnerability description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to the credentials to access device configuration information are stored unencrypted in flash memory. An attacker with physical access can gain access to network configuration information and terminal configuration data.


How to mitigate CVE-2024-39278

Install updates from vendor's website.

Sources