CVE-2024-3109

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published May 3, 2024
CWE ID 862

Summary

CVE-2024-3109 is a newly disclosed vulnerability affecting the Motorola GuideMe application. The issue involves a hard-coded AES key that, when combined with a lack of URI sanitation, permits local attackers to access arbitrary files. An attacker could potentially exploit this flaw to obtain sensitive information stored on the affected device. The vulnerability underscores the importance of secure coding practices, particularly when dealing with encryption keys and user input validation.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share