Hard-Coded Credentials Expose Maintenance Console to Attack
CVE-2024-38281

9.8CRITICAL

Key Information:

Vendor: Motorola Solutions
Status: Vigilant Fixed Lpr Coms Box (bcav1f2-c600)
Vendor: CVE Published:; 13 June 2024

Summary

The vulnerability associated with hard coded credentials allows attackers to gain unauthorized access to the maintenance console of certain wireless network devices. This security flaw enables unauthorized users to manipulate device settings or access sensitive information, potentially compromising the integrity and availability of the device network. Organizations using these wireless network devices should take immediate action to assess their exposure and implement necessary mitigations.

Affected Version(s)

Vigilant Fixed LPR Coms Box (BCAV1F2-C600) 0 <= 3.1.171.9

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-1...

government-resource

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 13, 2024
Vulnerability Reserved
Jun 12, 2024

Credit

The Michigan State Police Michigan Cyber Command Center (MC3)