PT-2024-12194 · Enel X · Waybox Enel X

Abdellah Benotsmane · Published 2024-11-05 · Updated 2024-11-07 · CVE-2023-29114

CVSS v3.1: 5.7 (Medium)

Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Enel X Waybox versions prior to the fixed version

Description: The issue is related to a lack of access control in the web management application, allowing system logs to be accessed. An attacker can obtain sensitive information, including Wi-Fi access point credentials, APN web address and credentials, IPSEC credentials, web interface access credentials for user and admin accounts, JuiceBox system components, C2G configuration details, internal IP addresses, and OTA firmware update configurations. All credentials are stored in logs in an unencrypted plaintext format.

Recommendations: For Enel X Waybox versions prior to the fixed version, refer to the remediation steps detailed in the security bulletin to address the issue. As a temporary workaround, consider restricting access to the web management application until a patch is available. Avoid using the web management application for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2023-29114

Affected Products

Waybox Enel X