Cryptographic key in plain text vulnerability in FriendlyElec's FriendlyWrt
Posted date 15/03/2024
Importance
3 - Medium
Affected Resources
- FriendlyWrt, version 2022-11-16.51b3d35.
Description
INCIBE has coordinated the publication of a medium severity vulnerability affecting FriendlyWrt, version 2022-11-16.51b3d35, a custom system made by FriendlyElec and based on an OpenWrt distribution. The vulnerability was discovered by HADESS.
This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector and CWE vulnerability type:
- CVE-2024-2495: 5.2 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | CWE-321.
Solution
There is no reported solution at this time.
Detail
CVE-2024-2495: hard-coded cryptographic key vulnerability in the FriendlyWrt firmware, affecting version 2022-11-16.51b3d35. This vulnerability could allow an attacker to compromise the confidentiality and integrity of encrypted data.