1. EXECUTIVE SUMMARY
- CVSS v4 8.7
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Motorola Solutions
- Equipment: Vigilant Fixed LPR Coms Box (BCAV1F2-C600)
- Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Cleartext Storage in a File or on Disk, Use of Hard-coded Credentials, Insufficiently Protected Credentials, Missing Encryption of Sensitive Data, Authentication Bypass by Capture-replay
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to tamper with the device, access sensitive information and credentials, or perform a replay attack.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Motorola Vigilant License Plate Readers are affected:
- Vigilant Fixed LPR Coms Box (BCAV1F2-C600): Versions 3.1.171.9 and prior
3.2 Vulnerability Overview
3.2.1 AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288
The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes.
CVE-2024-38279 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.6 has been calculated; the CVSS vector string is (AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
A CVSS v4 score has also been calculated for CVE-2024-38279. A base score of 5.1 has been calculated; the CVSS vector string is (This article has been indexed from All CISA Advisories