Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-58277

Summary
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At-04 Dec, 2025 | 20:42
Updated At-05 Dec, 2025 | 16:48
Rejected At-
Credits

R Radio Network FM Transmitter 1.07 System Settings Disclosure

R Radio Network FM Transmitter 1.07 allows unauthenticated attackers to access the admin user's password through the system.cgi endpoint, enabling authentication bypass and FM station setup access.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulnCheck
Assigner Org ID:83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At:04 Dec, 2025 | 20:42
Updated At:05 Dec, 2025 | 16:48
Rejected At:
▼CVE Numbering Authority (CNA)
R Radio Network FM Transmitter 1.07 System Settings Disclosure

R Radio Network FM Transmitter 1.07 allows unauthenticated attackers to access the admin user's password through the system.cgi endpoint, enabling authentication bypass and FM station setup access.

Affected Products
Vendor
R Radio Network
Product
Radio Network FM Transmitter
Default Status
unaffected
Versions
Affected
  • From 1.07 before 1.09 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-312CWE-312 Cleartext Storage of Sensitive Information
Type: CWE
CWE ID: CWE-312
Description: CWE-312 Cleartext Storage of Sensitive Information
Metrics
VersionBase scoreBase severityVector
4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Vendor has released version 1.09 to address this issue.

Configurations
Workarounds
Exploits
Credits
finder
Gjoko LiquidWorm Krstic
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.exploit-db.com/exploits/51855
exploit
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5802.php
vendor-advisory
https://www.vulncheck.com/advisories/r-radio-network-fm-transmitter-107-system-settings-disclosure
third-party-advisory
Hyperlink: https://www.exploit-db.com/exploits/51855
Resource:
exploit
Hyperlink: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5802.php
Resource:
vendor-advisory
Hyperlink: https://www.vulncheck.com/advisories/r-radio-network-fm-transmitter-107-system-settings-disclosure
Resource:
third-party-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:disclosure@vulncheck.com
Published At:04 Dec, 2025 | 21:16
Updated At:08 Dec, 2025 | 18:27

R Radio Network FM Transmitter 1.07 allows unauthenticated attackers to access the admin user's password through the system.cgi endpoint, enabling authentication bypass and FM station setup access.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-312Primarydisclosure@vulncheck.com
CWE ID: CWE-312
Type: Primary
Source: disclosure@vulncheck.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.exploit-db.com/exploits/51855disclosure@vulncheck.com
N/A
https://www.vulncheck.com/advisories/r-radio-network-fm-transmitter-107-system-settings-disclosuredisclosure@vulncheck.com
N/A
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5802.phpdisclosure@vulncheck.com
N/A
Hyperlink: https://www.exploit-db.com/exploits/51855
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.vulncheck.com/advisories/r-radio-network-fm-transmitter-107-system-settings-disclosure
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5802.php
Source: disclosure@vulncheck.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

4Records found
CVE-2024-45862
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.7||HIGH
EPSS-0.10% / 28.10%
||
7 Day CHG~0.00%
Published-19 Sep, 2024 | 15:54
Updated-20 Sep, 2024 | 13:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cleartext Storage of Sensitive Information in Kastle Systems Access Control System

Kastle Systems firmware prior to May 1, 2024, stored machine credentials in cleartext, which may allow an attacker to access sensitive information.

Action-Not Available
Vendor-Kastle Systemskastlesystems
Product-Access Control Systemaccess_control_system_firmware
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2020-36887
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.06% / 19.59%
||
7 Day CHG~0.00%
Published-10 Dec, 2025 | 20:49
Updated-17 Dec, 2025 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SpinetiX Fusion Digital Signage 3.4.8 Unauthenticated Database Backup Disclosure

SpinetiX Fusion Digital Signage 3.4.8 contains an unauthenticated information disclosure vulnerability in the database backup directory. Attackers can access the /content/files/backups/ endpoint to download sensitive backup files containing user credentials and system information.

Action-Not Available
Vendor-spinetixSpinetiX AG
Product-fusion_digital_signageFusion Digital Signage
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2026-27520
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-Not Assigned
Published-24 Feb, 2026 | 15:07
Updated-24 Feb, 2026 | 21:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Binardat 10G08-0800GSM Network Switch Base64-encoded Password Stored in Cookie

Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user password in a client-side cookie as a Base64-encoded value accessible via the web interface. Because Base64 is reversible and provides no confidentiality, an attacker who can access the cookie value can recover the plaintext password.

Action-Not Available
Vendor-Binardat Ltd.
Product-10G08-0800GSM Network Switch
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2024-3742
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.7||HIGH
EPSS-9.61% / 92.73%
||
7 Day CHG~0.00%
Published-18 Apr, 2024 | 22:15
Updated-01 Aug, 2024 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Electrolink FM/DAB/TV Transmitter Cleartext Storage of Sensitive Information

Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the system.

Action-Not Available
Vendor-Electrolinkelectrolink
Product-VHF TV TransmitterDigital FM TransmitterUHF TV TransmitterCompact FM TransmitterCompact DAB TransmitterHigh Power DAB TransmitterMedium DAB TransmitterModular FM Transmitterhigh power dab transmitterdigital fm transmittermedium dab transmittermodular fm transmittervhf tv transmittercompact fm transmittercompact dab transmitter
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
Details not found