PT-2024-22553 · Acera · Acera 9010-08+1
Published
2024-04-07
·
Updated
2024-08-01
·
CVE-2024-28744
CVSS v3.1
8.8
High
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ACERA 9010-08 firmware versions v02.04 and earlier
ACERA 9010-24 firmware versions v02.04 and earlier
Description
The password is empty in the initial configuration, allowing an unauthenticated attacker to log in with no password and obtain or alter information such as network configuration and user information. The products are affected only when running in non MS mode with the initial configuration.
Recommendations
For ACERA 9010-08 firmware versions v02.04 and earlier, update the firmware to a version later than v02.04 to set a secure password.
For ACERA 9010-24 firmware versions v02.04 and earlier, update the firmware to a version later than v02.04 to set a secure password.
As a temporary workaround, consider changing the initial configuration to set a secure password until a patch is available.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Acera 9010-08
Acera 9010-24