PT-2024-31263 · Winbond+1 · W25Q64Jv+1
Anand Yadav
+1
·
Published
2024-09-09
·
Updated
2024-09-25
·
CVE-2024-44815
CVSS v3.1
8.0
High
| Vector | AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Hathway Skyworth Router CM5100 version 4.1.1.24
Description
The issue allows a physically proximate attacker to obtain user credentials via SPI flash Firmware W25Q64JV. This can lead to the exposure of sensitive information.
Recommendations
For version 4.1.1.24, consider restricting physical access to the device until a patch is available. As a temporary workaround, limit the use of the SPI flash Firmware W25Q64JV to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Insufficiently Protected Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Hathway Skyworth Router Cm5100
W25Q64Jv