Cryptographic key in plain text vulnerability in FriendlyElec's FriendlyWrt

Posted date: 15/03/2024
Severity: 3 - Medium
Affected Resources
  • FriendlyWrt, version 2022-11-16.51b3d35.

INCIBE has coordinated the publication of a medium severity vulnerability, discovered by HADESS, affecting version 2022-11-16.51b3d35 of FriendlyWrt, a custom system made by FriendlyElec based on an OpenWrt distribution.

This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector and CWE vulnerability type:

  • CVE-2024-2495: 5.2 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | CWE-321.

There is no reported solution at this time.


CVE-2024-2495: hard-coded cryptographic key vulnerability in the FriendlyWrt firmware, affecting version 2022-11-16.51b3d35. This vulnerability could allow an attacker to compromise the confidentiality and integrity of encrypted data.
