CRITICAL🇵🇱 Wersja polska

CVE-2024-25730

CVSS 9.8v3.1pub. 2024-02-23upd. 2025-05-05

Hitron CODA-4582 and CODA-4589 devices have default PSKs that are generated from 5-digit hex values concatenated with a "Hitron" substring, resulting in insufficient entropy (only about one million possibilities).

🤖 AI Analysis
How it works

The default PSK key is created by concatenating the fixed string 'Hitron' with a 5-digit hexadecimal value. Such construction drastically limits the key space to approximately one million possibilities (CWE-331: insufficient entropy). An attacker, knowing the key generation scheme, can prepare a dictionary in advance or conduct a brute-force attack covering all possible combinations and guess the key in a relatively short time without any user interaction.

Impact

An attacker can obtain full unauthorized access to the Wi-Fi network protected by the default PSK key, enabling network traffic interception, access to connected devices, and further actions within the victim's local network.

Mitigation & patch

The default Wi-Fi PSK key must be changed immediately to a strong, randomly generated password of appropriate length and entropy. Apply patches available from the manufacturer according to the references. Until firmware is updated, manual PSK key change through the device's administrative panel is recommended.

Who is affected

Hitron CODA-4582 and CODA-4589 devices using default, factory-set PSK keys (firmware versions indicated in the manufacturer's references).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Hitrontech Coda 4582u

    HW
    Hitrontech
    wszystkie wersje
  • Hitrontech Coda 4582u Firmware

    OS
    Hitrontech
    wszystkie wersje
  • Hitrontech Coda 4589

    HW
    Hitrontech
    wszystkie wersje
  • Hitrontech Coda 4589 Firmware

    OS
    Hitrontech
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2020-8824MEDIUM5.4ten sam produkt

Hitron CODA-4582U 7.1.1.30 devices allow XSS via a Managed Device name on the Wireless > Access Control > Add ...

CVE-2023-30603CRITICAL9.8ten sam vendor

Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is no warning o...

CVE-2023-30604CRITICAL9.8ten sam vendor

It is identified a vulnerability of insufficient authentication in the system configuration interface of Hitro...

CVE-2022-25017CRITICAL9.1ten sam vendor

Hitron CHITA 7.2.2.0.3b6-CD devices contain a command injection vulnerability via the Device/DDNS ddnsUsername...

CVE-2022-47616HIGH7.2ten sam vendor

Hitron CODA-5310 has insufficient filtering for specific parameters in the connection test function. A remote ...