CVE-2024-25730

Hitron CODA-4582 and CODA-4589 devices have default PSKs that are generated from 5-digit hex values concatenated with a Hitron substring, resulting in insufficient entropy (only about one million possibilities).

Weakness

The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

Affected Software

Potential Mitigations

Related Attack Patterns

• https://cwe.mitre.org/data/definitions/59.html

References

• https://github.com/actuator/cve/blob/main/Hitron/CVE-2024-25730
• https://i.ebayimg.com/images/g/I-8AAOSwGE9lsGwI/s-l1600.webp
• https://i.ebayimg.com/images/g/MwMAAOSwjTFk3kpd/s-l1600.webp
• https://i.ebayimg.com/images/g/VDcAAOSwlodlSuz4/s-l1600.webp
• https://i.ebayimg.com/images/g/XaAAAOSwvMNkuESk/s-l1600.webp
• https://i.ebayimg.com/images/g/hzUAAOSwUwVllGMZ/s-l1600.webp
• https://i.ebayimg.com/images/g/qK8AAOSwbr9lq3PJ/s-l1600.webp
• https://github.com/actuator/cve/blob/main/Hitron/CVE-2024-25730
• https://i.ebayimg.com/images/g/I-8AAOSwGE9lsGwI/s-l1600.webp
• https://i.ebayimg.com/images/g/MwMAAOSwjTFk3kpd/s-l1600.webp
• https://i.ebayimg.com/images/g/VDcAAOSwlodlSuz4/s-l1600.webp
• https://i.ebayimg.com/images/g/XaAAAOSwvMNkuESk/s-l1600.webp
• https://i.ebayimg.com/images/g/hzUAAOSwUwVllGMZ/s-l1600.webp
• https://i.ebayimg.com/images/g/qK8AAOSwbr9lq3PJ/s-l1600.webp