CVE-2024-38284
Published 2024-06-13
CVE-2024-38284: Transmitted data is logged between the device and the backend service. An attacker could use these logs to perform a replay attack to replicate calls.
Priority P344 · high · 8.7 · CVSS 4.0
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 0.34% (26.1th percentile)
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| motorola_solutions | vigilant_fixed_lpr_coms_box | <= 3.1.171.9 | — |
CISA ICS
Motorola Solutions Vigilant License Plate Readers
cisa_ics·2024-06-13·CVSS 5.1
[MEDIUM] Motorola Solutions Vigilant License Plate Readers
ICS Advisory
## Motorola Solutions Vigilant License Plate Readers
Release Date: June 13, 2024
Alert Code: ICSA-24-165-19
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v4 8.7
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Motorola Solutions
- Equipment: Vigilant Fixed LPR Coms Box (BCAV1F2-C600)
- Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Cleartext Storage in a File or on Disk, Use of Hard-coded Credentials, Insufficiently Protected Credentials, Missing Encryption of Sensitive Data, Authentication Bypass by Capture-replay
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to tamper wi
GHSA
GHSA-836g-2rjm-jcvv: Transmitted data is logged between the device and the backend service
ghsa_unreviewed·2024-06-13
CVE-2024-38284 CWE-294 GHSA-836g-2rjm-jcvv: Transmitted data is logged between the device and the backend service
Transmitted data is logged between the device and the backend service. An attacker could use these logs to perform a replay attack to replicate calls.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-06-13