CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38285 – Insufficiently Protected Credentials in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)
https://notcve.org/view.php?id=CVE-2024-38285
13 Jun 2024 — Logs storing credentials are insufficiently protected and can be decoded through the use of open source tools. Los registros que almacenan credenciales no están suficientemente protegidos y pueden decodificarse mediante el uso de herramientas de código abierto. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19 • CWE-522: Insufficiently Protected Credentials •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38284 – Authentication Bypass by Capture-replay in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)
https://notcve.org/view.php?id=CVE-2024-38284
13 Jun 2024 — Transmitted data is logged between the device and the backend service. An attacker could use these logs to perform a replay attack to replicate calls. Los datos transmitidos se registran entre el dispositivo y el servicio backend. Un atacante podría utilizar estos registros para realizar un ataque de repetición para replicar llamadas. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19 • CWE-294: Authentication Bypass by Capture-replay •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38283 – Missing Encryption of Sensitive Data in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)
https://notcve.org/view.php?id=CVE-2024-38283
13 Jun 2024 — Sensitive customer information is stored in the device without encryption. La información confidencial del cliente se almacena en el dispositivo sin cifrado. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38282 – Insufficiently Protected Credentials in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)
https://notcve.org/view.php?id=CVE-2024-38282
13 Jun 2024 — Utilizing default credentials, an attacker is able to log into the camera's operating system which could allow changes to be made to the operations or shutdown the camera requiring a physical reboot of the system. Al utilizar las credenciales predeterminadas, un atacante puede iniciar sesión en el sistema operativo de la cámara, lo que podría permitir realizar cambios en las operaciones o apagar la cámara, lo que requeriría un reinicio físico del sistema. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19 • CWE-522: Insufficiently Protected Credentials •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38281 – Use of Hard-coded Credentials in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)
https://notcve.org/view.php?id=CVE-2024-38281
13 Jun 2024 — An attacker can access the maintenance console using hard coded credentials for a hidden wireless network on the device. Un atacante puede acceder a la consola de mantenimiento utilizando credenciales codificadas para una red inalámbrica oculta en el dispositivo. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38280 – Cleartext Storage in a File or on Disk in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)
https://notcve.org/view.php?id=CVE-2024-38280
13 Jun 2024 — An unauthorized user is able to gain access to sensitive data, including credentials, by physically retrieving the hard disk of the product as the data is stored in clear text. Un usuario no autorizado puede obtener acceso a datos confidenciales, incluidas las credenciales, recuperando físicamente el disco duro del producto, ya que los datos se almacenan en texto plano. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19 • CWE-313: Cleartext Storage in a File or on Disk •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38279 – Authentication Bypass Using an Alternate Path or Channel in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)
https://notcve.org/view.php?id=CVE-2024-38279
13 Jun 2024 — The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes. El producto afectado es vulnerable a que un atacante modifique el gestor de arranque mediante el uso de argumentos personalizados para eludir la autenticación y obtener acceso al sistema de archivos y obtener hashes de contraseña. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •