CVE-2024-40892

HIGH Year: 2024
CVSS v3 Score
7.1
High
Weakness Type
CWE-1391
View all →

Vulnerability Description

A weak credential vulnerability exists in Firewalla Box Software versions before 1.979. This vulnerability allows a physically close attacker to use the license UUID for authentication and provision SSH credentials over the Bluetooth Low-Energy (BTLE) interface. Once an attacker gains access to the LAN, they could log into the SSH interface using the provisioned credentials. The license UUID can be acquired through plain-text Bluetooth sniffing, reading the QR code on the bottom of the device, or brute-forcing the UUID (though this is less likely).

Related Vulnerabilities

CVE-2024-42027

MEDIUM
CVSS:6.7(Medium)

The E2EE password entropy generated by Rocket.Chat Mobile prior to version 4.5.1 is insufficient, allowing attackers to crack it if they have the appropriate time and resources.

CWE-13912024

CVE-2022-3010

HIGH
CVSS:7.5(High)

The Priva TopControl Suite contains predictable credentials for the SSH service, based on the Serial number. Which makes it possible for an attacker to calculate the login credentials for the Priva To...

CWE-13912022

CVE-2024-45272

HIGH
CVSS:7.5(High)

An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost.

CWE-13912024

CVE-2024-45722

HIGH
CVSS:7.5(High)

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses weak credential mechanism that could allow an attacker to easily calculate MQTT credentials.

CWE-13912024

CVE-2024-21865

MEDIUM
CVSS:6.5(Medium)

HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may connect to the product via SSH and use a shell.

CWE-13912024

CVE-2025-2229

HIGH
CVSS:7.7(High)

A token is created using the username, current date/time, and a fixed AES-128 encryption key, which is the same across all installations.

CWE-13912025