CVE-2024-25735

high-risk

Published 2024-03-27

An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext passwords via a SoftAP /device/config GET request.

Do I need to act?

90.8% chance of exploitation in next 30 days

EPSS score — higher than 9% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

51816

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.1/10 Critical

NETWORK / LOW complexity

Affected Products (1)

Apollo Vx20 Firmware

Affected Vendors

Wyrestorm

References (5)

Exploit http://packetstormsecurity.com/files/177082

Third Party Advisory https://hyp3rlinx.altervista.org

Exploit http://packetstormsecurity.com/files/177082

http://seclists.org/fulldisclosure/2024/Feb/11

Third Party Advisory https://hyp3rlinx.altervista.org

/ 100

high-risk

Severity 31/34 · Critical

Exploitability 20/34 · Moderate

Exposure 5/34 · Minimal