CVE-2024-25730
Severity CVSS v4.0:
Pending analysis
Type:
CWE-331
Insufficient Entropy
Publication date:
23/02/2024
Last modified:
05/05/2025
Description
Hitron CODA-4582 and CODA-4589 devices have default PSKs that are generated from 5-digit hex values concatenated with a "Hitron" substring, resulting in insufficient entropy (only about one million possibilities).
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:hitrontech:coda-4582u_firmware:-:*:*:*:*:*:*:* | | |
| cpe:2.3:h:hitrontech:coda-4582u:-:*:*:*:*:*:*:* | | |
| cpe:2.3:o:hitrontech:coda-4589_firmware:-:*:*:*:*:*:*:* | | |
| cpe:2.3:h:hitrontech:coda-4589:-:*:*:*:*:*:*:* | | |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://github.com/actuator/cve/blob/main/Hitron/CVE-2024-25730
- https://i.ebayimg.com/images/g/I-8AAOSwGE9lsGwI/s-l1600.webp
- https://i.ebayimg.com/images/g/MwMAAOSwjTFk3kpd/s-l1600.webp
- https://i.ebayimg.com/images/g/VDcAAOSwlodlSuz4/s-l1600.webp
- https://i.ebayimg.com/images/g/XaAAAOSwvMNkuESk/s-l1600.webp
- https://i.ebayimg.com/images/g/hzUAAOSwUwVllGMZ/s-l1600.webp
- https://i.ebayimg.com/images/g/qK8AAOSwbr9lq3PJ/s-l1600.webp



