CVE-2024-28744

moderate-risk
Published 2024-04-08

The password is empty in the initial configuration of ACERA 9010-08 firmware v02.04 and earlier, and ACERA 9010-24 firmware v02.04 and earlier. An unauthenticated attacker may log in to the product with no password, and obtain and/or alter information such as network configuration and user information. The products are affected only when running in non MS mode with the initial configuration.

Do I need to act?

-
0.05% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
ADJACENT_NETWORK / LOW complexity

References (4)

https://jvn.jp/en/vu/JVNVU99285099/
https://www.furunosystems.co.jp/news/info/vulner20240401.html
https://jvn.jp/en/vu/JVNVU99285099/
https://www.furunosystems.co.jp/news/info/vulner20240401.html
32
/ 100
moderate-risk
Severity 27/34 · High
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal