CVE-2024-54745

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 6, 2024
Updated: Dec 11, 2024
CWE ID 276

Summary

CVE-2024-54745 is a newly identified vulnerability affecting the WAVLINK WN701AE M01AE_V240305 device. This issue involves a hardcoded password in the /etc/shadow file, which can be exploited by attackers to gain root access to the system. The presence of this hardcoded password bypasses the standard authentication process and poses a significant security risk. Unauthorized users who successfully exploit this vulnerability can take full control of the affected device and potentially compromise sensitive data or install malware. To mitigate this risk, it is recommended that users update their devices to the latest firmware version as soon as it becomes available, and change the root password to a strong and unique one.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share