CVE-2024-28744

EUVD-2024-25833
The password is empty in the initial configuration of ACERA 9010-08 firmware v02.04 and earlier, and ACERA 9010-24 firmware v02.04 and earlier. An unauthenticated attacker may log in to the product with no password, and obtain and/or alter information such as network configuration and user information. The products are affected only when running in non MS mode with the initial configuration.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
furunosystemsacera_9010-08_firmware
𝑥
≤ 02.04
ADP
furunosystemsacera_9010-24_firmware
𝑥
≤ 02.04
ADP
Common Weakness Enumeration
References
https://jvn.jp/en/vu/JVNVU99285099/
https://www.furunosystems.co.jp/news/info/vulner20240401.html
https://jvn.jp/en/vu/JVNVU99285099/
https://www.furunosystems.co.jp/news/info/vulner20240401.html