Cryptographic key in plain text vulnerability in FriendlyElec's FriendlyWrt

Posted date 15/03/2024
Importance
3 - Medium
Affected Resources
  • FriendlyWrt, 2022-11-16.51b3d35 version.
Description

INCIBE has coordinated the publication of a medium-severity vulnerability, discovered by HADESS, affecting FriendlyWrt version 2022-11-16.51b3d35, a custom system made by FriendlyElec and based on an OpenWrt distribution.

This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector and CWE vulnerability type:

  • CVE-2024-2495: 5.2 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | CWE-321.
Solution

There is no reported solution at this time.

Detail

CVE-2024-2495: hard-coded cryptographic key vulnerability in the FriendlyWrt firmware, affecting version 2022-11-16.51b3d35. This vulnerability could allow an attacker to compromise the confidentiality and integrity of encrypted data.
