CVE-2024-28744

Summary

The password is empty in the initial configuration of ACERA 9010-08 firmware v02.04 and earlier, and ACERA 9010-24 firmware v02.04 and earlier. An unauthenticated attacker may log in to the product with no password, and obtain and/or alter information such as network configuration and user information. The products are affected only when running in non MS mode with the initial configuration.

Affected Software

VendorProductVersion RangeStatus
FURUNO SYSTEMS Co.,Ltd.ACERA 9010-08firmware v02.04 and earlieraffected
FURUNO SYSTEMS Co.,Ltd.ACERA 9010-24firmware v02.04 and earlieraffected

Weaknesses

  • Empty Password in Configuration File

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References