CVE-2024-40892

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published: Aug 12, 2024
Updated: Aug 21, 2024
CWE ID: 1391

Summary

CVE-2024-40892 is a vulnerability affecting Firewalla Box Software versions prior to 1.979. This issue permits a physically proximate attacker to authenticate using weak credentials over the Bluetooth Low-Energy (BTLE) interface. The attacker can obtain the required license UUID through Bluetooth sniffing, analyzing the QR code on the device, or, less likely, through brute-forcing. Successful exploitation grants access to the Local Area Network (LAN), allowing the attacker to log into the SSH interface using the obtained credentials.
