CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47121 – Weak Passwords Requirements in goTenna Pro
https://notcve.org/view.php?id=CVE-2024-47121
The goTenna Pro series uses a weak password for the QR broadcast message. If the QR broadcast message is captured over RF it is possible to decrypt it and use it to decrypt all future and past messages sent via encrypted broadcast. The goTenna Pro App uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and password is cracked via brute force attack, it is possible to decrypt it and use it to decrypt all future and past messages sent via encrypted broadcast with that particular key. This only applies when the key is broadcasted over RF. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-04 • CWE-521: Weak Password Requirements •
CVSS: 9.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-4999 – Ligowave Unity/Pro/Mimo/APC Arbitrary Command Injection
https://notcve.org/view.php?id=CVE-2024-4999
A vulnerability in the web-based management interface of multiple Ligowave devices could allow an authenticated remote attacker to execute arbitrary commands with elevated privileges.This issue affects UNITY: through 6.95-2; PRO: through 6.95-1.Rt3883; MIMO: through 6.95-1.Rt2880; APC Propeller: through 2-5.95-4.Rt3352. • https://onekey.com/blog/security-advisory-remote-code-execution-in-ligowave-devices • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •