MidnightBSD

Advisories for wyrestorm

CVE-2024-25734

An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. The TELNET service prompts for a password only after a valid username is entered, which might make it easier for remote attackers to enumerate user accounts.

Products Affected

Vendor Product Version
wyrestorm apollo_vx20_firmware *
CVE-2024-25735

An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext passwords via a SoftAP /device/config GET request.

Products Affected

Vendor Product Version
wyrestorm apollo_vx20_firmware *
CVE-2024-25736

An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can restart the device via a /device/reboot GET request.

Products Affected

Vendor Product Version
wyrestorm apollo_vx20_firmware *