CVE-2024-58277
BaseFortify
Publication date: 2025-12-04
Last updated on: 2025-12-08
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| r_radio_network | fm_transmitter | 1.07 |
| r_radio_network | fm_transmitter | 1.09 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-312 | The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in R Radio Network FM Transmitter 1.07 allows unauthenticated attackers to access the admin user's password through the system.cgi endpoint. This access enables attackers to bypass authentication and gain control over FM station setup functions.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized control of the FM transmitter's administrative functions, potentially allowing attackers to manipulate FM station settings, disrupt service, or compromise the device's operation.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending an unauthenticated HTTP request to the system.cgi endpoint of the R Radio Network FM Transmitter version 1.07. For example, using a command like `curl http://<target-ip>/system.cgi` can reveal an HTML page containing the admin user's clear-text password in a password input field if the device is vulnerable. [2]
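For auditing a device you administer, the check described above can be automated over a saved response body. The following is an added example, not code from the advisory or the vendor: it flags any password input that arrives with a pre-filled value and reports only the field name and value length. The sample HTML, field names and function name are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample: the shape of response the page describes (a password
# input pre-filled with the stored value). Field names and value are made up.
SAMPLE_VULNERABLE = """<html><body><form method="post" action="system.cgi">
<input type="text" name="user" value="admin">
<input type="PASSWORD" name="pwd" value="example-secret">
</form></body></html>"""

# Constructed sample: the same form with the password field left empty.
SAMPLE_CLEAN = """<html><body><form method="post" action="system.cgi">
<input type="text" name="user" value="admin">
<input type="password" name="pwd" value="">
</form></body></html>"""


class _PasswordFieldFinder(HTMLParser):
    """Collects password inputs whose value attribute is non-empty."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        # HTMLParser lowercases tag and attribute names; values keep their case.
        a = {k: (v or "") for k, v in attrs}
        if a.get("type", "").strip().lower() != "password":
            return
        value = a.get("value", "")
        if value:
            # Record only the field name and length, never the secret itself.
            self.findings.append({"name": a.get("name", ""), "length": len(value)})


def find_prefilled_password_fields(html_text):
    """Return one finding per pre-filled password input in html_text."""
    finder = _PasswordFieldFinder()
    finder.feed(html_text)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for label, body in (("vulnerable", SAMPLE_VULNERABLE), ("clean", SAMPLE_CLEAN)):
        hits = find_prefilled_password_fields(body)
        print(label, "EXPOSED" if hits else "ok", hits)
```

A non-empty result on a response obtained without credentials indicates the CWE-312 condition listed above; an empty result only means no pre-filled password field was present in that body.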
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the R Radio Network FM Transmitter from version 1.07 to version 1.09, which the vendor released to address this vulnerability. Until the upgrade can be applied, restrict network access to the device's system.cgi endpoint to trusted users only, and monitor for any unauthorized access attempts. [1]