RoamWiFi R10 CVE-2024-31406
HIGHSeverity by source
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from Vendor (jpcert) · only source for this CVE.
CVSS VectorVendor: jpcert
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Active debug code vulnerability exists in RoamWiFi R10 prior to 4.8.45. If this vulnerability is exploited, a network-adjacent unauthenticated attacker with access to the device may perform unauthorized operations.
AnalysisAI
Active debug code vulnerability exists in RoamWiFi R10 prior to 4.8.45. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-489. Active debug code vulnerability exists in RoamWiFi R10 prior to 4.8.45. If this vulnerability is exploited, a network-adjacent unauthenticated attacker with access to the device may perform unauthorized operations. Version information: prior to 4.8.45..
Affected ProductsAI
RoamWiFi R10.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Same weakness CWE-489 – Active Debug Code
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today