CVE-2024-25735

Published: 27/03/2024 Updated: 27/03/2024

An issue exists on WyreStorm Apollo VX20 devices prior to 1.3.58. Remote attackers can discover cleartext passwords via a SoftAP /device/config GET request.

Check Point Reference: CPAI-2024-0300 Date Published: 5 Jun 2024 Severity: High ...

WyreStorm Apollo VX20 versions prior to 1358 suffer from a cleartext credential disclosure vulnerability when accessing /device/config with an HTTP GET ...

[+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinxaltervistaorg [+] Source: hyp3rlinxaltervistaorg/advisories/WYRESTORM_APOLLO_VX20_INCORRECT_ACCESS_CONTROL_CREDENTIALS_DISCLOSURE_CVE-2024-25735txt [+] twittercom/hyp3rlinx [+] ISR: ApparitionSec [Vendor] wwwwyrestormcom [Product] APOLLO VX20 < 1358 [Vulnerabilit ...

CVE-2024-25735 - WyreStorm Apollo VX20 - Information Disclosure

CVE-2024-25735 CVE-2024-25735 - WyreStorm Apollo VX20 - Information Disclosure

https://hyp3rlinx.altervista.org http://packetstormsecurity.com/files/177082 https://nvd.nist.gov https://github.com/codeb0ss/CVE-2024-25735-PoC https://seclists.org/fulldisclosure/2024/Feb/11 https://advisories.checkpoint.com/defense/advisories/public/2024/cpai-2024-0300.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2024-25735

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

Mailing Lists

Github Repositories

References

Vulmon Search

About

Products

Connect