CVE-2024-58277 - Vulnerability Details - OpenCVE

R Radio Network FM Transmitter 1.07 allows unauthenticated attackers to access the admin user's password through the system.cgi endpoint, enabling authentication bypass and FM station setup access.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
R Radio Network	Radio Network Fm Transmitter

No data.

No data.

References

Link	Providers
https://www.exploit-db.com/exploits/51855
https://www.vulncheck.com/advisories/r-radio-network-fm-transmitter-107-system-settings-disclosure
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5802.php

History

Fri, 05 Dec 2025 11:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		R Radio Network R Radio Network radio Network Fm Transmitter
Vendors & Products		R Radio Network R Radio Network radio Network Fm Transmitter

Thu, 04 Dec 2025 21:00:00 +0000

Type	Values Removed	Values Added
Description		R Radio Network FM Transmitter 1.07 allows unauthenticated attackers to access the admin user's password through the system.cgi endpoint, enabling authentication bypass and FM station setup access.
Title		R Radio Network FM Transmitter 1.07 System Settings Disclosure
Weaknesses		CWE-312
References		https://www.exploit-db.com/exploits/51855 https://www.vulncheck.com/advisories/r-radio-network-fm-transmitter-107-system-settings-disclosure https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5802.php
Metrics		cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2025-12-04T20:42:19.064Z

Updated: 2025-12-04T20:42:19.064Z

Reserved: 2025-12-04T16:29:09.649Z

Link: CVE-2024-58277

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-12-04T21:16:07.700

Modified: 2025-12-04T21:16:07.700

Link: CVE-2024-58277

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-58277", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2025-12-04T16:29:09.649Z", "datePublished": "2025-12-04T20:42:19.064Z", "dateUpdated": "2025-12-04T20:42:19.064Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Radio Network FM Transmitter", "vendor": "R Radio Network", "versions": [{"lessThan": "1.09", "status": "affected", "version": "1.07", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Gjoko LiquidWorm Krstic"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "R Radio Network FM Transmitter 1.07 allows unauthenticated attackers to access the admin user's password through the system.cgi endpoint, enabling authentication bypass and FM station setup access."}], "value": "R Radio Network FM Transmitter 1.07 allows unauthenticated attackers to access the admin user's password through the system.cgi endpoint, enabling authentication bypass and FM station setup access."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-312", "description": "CWE-312 Cleartext Storage of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2025-12-04T20:42:19.064Z"}, "references": [{"name": "ExploitDB-51855", "tags": ["exploit"], "url": "https://www.exploit-db.com/exploits/51855"}, {"name": "Security Advisory for ZSL-2023-5802", "tags": ["vendor-advisory"], "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5802.php"}, {"tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/r-radio-network-fm-transmitter-107-system-settings-disclosure"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Vendor has released version 1.09 to address this issue."}], "value": "Vendor has released version 1.09 to address this issue."}], "source": {"discovery": "UNKNOWN"}, "title": "R Radio Network FM Transmitter 1.07 System Settings Disclosure", "x_generator": {"engine": "vulncheck"}}}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "R Radio Network FM Transmitter 1.07 allows unauthenticated attackers to access the admin user's password through the system.cgi endpoint, enabling authentication bypass and FM station setup access."}], "id": "CVE-2024-58277", "lastModified": "2025-12-04T21:16:07.700", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2025-12-04T21:16:07.700", "references": [{"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/51855"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/r-radio-network-fm-transmitter-107-system-settings-disclosure"}, {"source": "disclosure@vulncheck.com", "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5802.php"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}