CVE-2024-3082

MEDIUM

Proges Sensor Net Connect Firmware - Plaintext Password Storage

Title source: llm

Description

A “CWE-256: Plaintext Storage of a Password” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext unless specific security measures at other layers (e.g., full-disk encryption) have been enabled.

References (1)

[Third Party Advisory] https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-3082

Scores

CVSS v3 4.2

EPSS 0.0007

EPSS Percentile 20.2%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522 CWE-256

Status published

Affected Products (1)

proges/sensor_net_connect_firmware_v2

Timeline

Published Jul 31, 2024

Tracked Since Feb 18, 2026