← back
CVE-2024-25735

CVE-2024-25735

CVSS 9.1 CRITICALEPSS 50.6%CWE-319
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext passwords via a SoftAP /device/config GET request.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected products
n/a · n/a
public PoCs found2
cve_referencepacketstormsecurity.com/files/177082unverifiedexploitdbwww.exploit-db.com/exploits/51816unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/177082http://seclists.org/fulldisclosure/2024/Feb/11https://hyp3rlinx.altervista.org