Lucene search

IcscertVULNRICHMENT:CVE-2024-38282

HistoryJun 13, 2024 - 5:13 p.m.

CVE-2024-38282 Insufficiently Protected Credentials in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)

2024-06-1317:13:39

CWE-522

icscert

github.com

motorola solutions

vigilant fixed lpr

unauthorized access

camera control

default credentials

physical reboot

8.5 High

CVSS4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:N/SA:N

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Utilizing default credentials, an attacker is able to log into the camera’s operating system which could allow changes to be made to the operations or shutdown the camera requiring a physical reboot of the system.

CNA Affected

[
  {
    "vendor": "Motorola Solutions",
    "product": "Vigilant Fixed LPR Coms Box (BCAV1F2-C600)",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "3.1.171.9"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-24-165-19

8.5 High

CVSS4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:N/SA:N

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for VULNRICHMENT:CVE-2024-38282