SB2024061408 - Multiple vulnerabilities in Motorola Solutions Vigilant License Plate Readers




Published: June 14, 2024

Security Bulletin ID: SB2024061408
Severity: Medium
Patch available: NO
Number of vulnerabilities: 7
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Medium: 29%, Low: 71%

Description

This security bulletin contains information about 7 security vulnerabilities.


1) Authentication bypass using an alternate path or channel (CVE-ID: CVE-2024-38279)

The vulnerability allows a local attacker to bypass the authentication process.

The vulnerability exists because authentication can be bypassed using an alternate path or channel. An attacker with physical access can modify the bootloader by using custom arguments to bypass authentication, gain access to the file system and obtain password hashes.


2) Cleartext Storage in a File or on Disk (CVE-ID: CVE-2024-38280)

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to cleartext storage in a file or on disk. An attacker with physical access can gain unauthorized access to sensitive information on the system.


3) Use of hard-coded credentials (CVE-ID: CVE-2024-38281)

The vulnerability allows a remote attacker to gain full access to the vulnerable system.

The vulnerability exists due to the presence of hard-coded credentials in application code. A remote user on the local network can access the maintenance console using the hard-coded credentials.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


4) Insufficiently protected credentials (CVE-ID: CVE-2024-38282)

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to insufficiently protected credentials. A local user can log into the camera's operating system and change the operations or shut down the camera.


5) Missing Encryption of Sensitive Data (CVE-ID: CVE-2024-38283)

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists because sensitive customer information is stored on the device without encryption. An attacker with physical access can gain unauthorized access to sensitive information on the system.


6) Authentication Bypass by Capture-replay (CVE-ID: CVE-2024-38284)

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists because data transmitted between the device and the backend service is logged. A remote user can use these logs to perform a replay attack to replicate calls.


7) Insufficiently protected credentials (CVE-ID: CVE-2024-38285)

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists because the logs that store credentials are insufficiently protected. An attacker with physical access can use open source tools to gain access to credentials on the system.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.