CVE-2024-38285 HIGH

CVE-2024-38285: Insufficiently Protected Credentials in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)

Vendor Motorola Solutions
Product Vigilant Fixed LPR Coms Box (BCAV1F2-C600)
Weakness CWE-522 · Insufficiently protected credentials
Published June 13, 2024
Last update August 2, 2024

CVSS base score

7.0/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Logs storing credentials are insufficiently protected and can be decoded through the use of open source tools.

Key dates

02Disclosure timeline

June 13, 2024 CVE published
August 2, 2024 Record updated