CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47121 – Weak Passwords Requirements in goTenna Pro
https://notcve.org/view.php?id=CVE-2024-47121
26 Sep 2024 — The goTenna Pro series uses a weak password for the QR broadcast message. If the QR broadcast message is captured over RF it is possible to decrypt it and use it to decrypt all future and past messages sent via encrypted broadcast. The goTenna Pro App uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and password is cracked via brute force attack, it is possible to decrypt it and use it to decrypt all future and past message... • https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-04 • CWE-521: Weak Password Requirements •
CVSS: 9.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-4999 – Ligowave Unity/Pro/Mimo/APC Arbitrary Command Injection
https://notcve.org/view.php?id=CVE-2024-4999
16 May 2024 — A vulnerability in the web-based management interface of multiple Ligowave devices could allow an authenticated remote attacker to execute arbitrary commands with elevated privileges.This issue affects UNITY: through 6.95-2; PRO: through 6.95-1.Rt3883; MIMO: through 6.95-1.Rt2880; APC Propeller: through 2-5.95-4.Rt3352. A vulnerability in the web-based management interface of multiple Ligowave devices could allow an authenticated remote attacker to execute arbitrary commands with elevated privileges.This is... • https://onekey.com/blog/security-advisory-remote-code-execution-in-ligowave-devices • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •