CVE-2024-58277 - Vulnerability Details - OpenCVE

R Radio Network FM Transmitter 1.07 allows unauthenticated attackers to access the admin user's password through the system.cgi endpoint, enabling authentication bypass and FM station setup access.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

Vendor has released version 1.09 to address this issue.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.exploit-db.com/exploits/51855
https://www.vulncheck.com/advisories/r-radio-network-fm-transmitter-107-system-settings-disclosure
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5802.php

History

Thu, 04 Dec 2025 21:00:00 +0000

Type	Values Removed	Values Added
Description		R Radio Network FM Transmitter 1.07 allows unauthenticated attackers to access the admin user's password through the system.cgi endpoint, enabling authentication bypass and FM station setup access.
Title		R Radio Network FM Transmitter 1.07 System Settings Disclosure
Weaknesses		CWE-312
References		https://www.exploit-db.com/exploits/51855 https://www.vulncheck.com/advisories/r-radio-network-fm-transmitter-107-system-settings-disclosure https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5802.php
Metrics		cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2025-12-04T20:42:19.064Z

Updated: 2025-12-04T20:42:19.064Z

Reserved: 2025-12-04T16:29:09.649Z

Link: CVE-2024-58277

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-12-04T21:16:07.700

Modified: 2025-12-04T21:16:07.700

Link: CVE-2024-58277

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-312

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-58277", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2025-12-04T16:29:09.649Z", "datePublished": "2025-12-04T20:42:19.064Z", "dateUpdated": "2025-12-04T20:42:19.064Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Radio Network FM Transmitter", "vendor": "R Radio Network", "versions": [{"lessThan": "1.09", "status": "affected", "version": "1.07", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Gjoko LiquidWorm Krstic"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "R Radio Network FM Transmitter 1.07 allows unauthenticated attackers to access the admin user's password through the system.cgi endpoint, enabling authentication bypass and FM station setup access."}], "value": "R Radio Network FM Transmitter 1.07 allows unauthenticated attackers to access the admin user's password through the system.cgi endpoint, enabling authentication bypass and FM station setup access."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-312", "description": "CWE-312 Cleartext Storage of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2025-12-04T20:42:19.064Z"}, "references": [{"name": "ExploitDB-51855", "tags": ["exploit"], "url": "https://www.exploit-db.com/exploits/51855"}, {"name": "Security Advisory for ZSL-2023-5802", "tags": ["vendor-advisory"], "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5802.php"}, {"tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/r-radio-network-fm-transmitter-107-system-settings-disclosure"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Vendor has released version 1.09 to address this issue."}], "value": "Vendor has released version 1.09 to address this issue."}], "source": {"discovery": "UNKNOWN"}, "title": "R Radio Network FM Transmitter 1.07 System Settings Disclosure", "x_generator": {"engine": "vulncheck"}}}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "R Radio Network FM Transmitter 1.07 allows unauthenticated attackers to access the admin user's password through the system.cgi endpoint, enabling authentication bypass and FM station setup access."}], "id": "CVE-2024-58277", "lastModified": "2025-12-04T21:16:07.700", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2025-12-04T21:16:07.700", "references": [{"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/51855"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/r-radio-network-fm-transmitter-107-system-settings-disclosure"}, {"source": "disclosure@vulncheck.com", "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5802.php"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}