CVE-2024-25734

moderate-risk

Published 2024-03-27

An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. The TELNET service prompts for a password only after a valid username is entered, which might make it easier for remote attackers to enumerate user accounts.

Do I need to act?

4.1% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

51814

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (1)

Apollo Vx20 Firmware

Affected Vendors

Wyrestorm

References (5)

Exploit http://packetstormsecurity.com/files/177081

Third Party Advisory https://hyp3rlinx.altervista.org

Exploit http://packetstormsecurity.com/files/177081

http://seclists.org/fulldisclosure/2024/Feb/9

Third Party Advisory https://hyp3rlinx.altervista.org

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 7/34 · Low

Exposure 5/34 · Minimal