ICSA-24-165-19  ·  Published 2024-06-13  ·  View on CISA ICS-CERT ↗

Motorola Solutions Vigilant License Plate Readers

CVSS 8.8 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to tamper with the device, access sensitive information and credentials, or perform a replay attack.

Remediations

Motorola Solutions recommends the following for each identified vulnerability:

  • CVE-2024-38279: Use a secure boot implementation with an edit-resistant GRUB partition.
  • CVE-2024-38279: Additional mitigation consists of limiting physical access to the device by following the best practices for device mounting.
  • CVE-2024-38279: Edit-resistant GRUB partition has been remediated for all vulnerable systems. Motorola Solutions will release a secure boot implementation in Fall 2024. All customers will receive the update through OTA (over the air) mechanisms. No further actions are required by customers.
  • CVE-2024-38280: Apply encryption to all Criminal Justice Information (CJI) data.
  • CVE-2024-38280: Apply full disk encryption with LUKS encryption standards and add password protection to the GRUB Bootloader.
  • CVE-2024-38280: Perform column-level encryption for sensitive data in the database.
  • CVE-2024-38280: All devices shipped after May 10, 2024 are already using full disk encryption. All devices that are not able to have full disk encryption applied have had all CJI data encrypted. No further actions are required by customers.
  • CVE-2024-38281: Remove the hard-coded credential to access the wireless access point and disable the access point if not needed.
  • CVE-2024-38281: Set a unique SSID and password if the access point is needed.
  • CVE-2024-38281: Motorola Solutions has already remediated this vulnerability for all vulnerable systems. No further actions are required by customers.
  • CVE-2024-38282: Remove the hard-coded credentials.
  • CVE-2024-38282: Use a unique CJIS-compliant password per device.
  • CVE-2024-38282: Motorola Solutions has already remediated this vulnerability for all vulnerable systems. No further actions are required by customers.
  • CVE-2024-38283: Remove the hotlist data from the device.
  • CVE-2024-38283: Motorola Solutions has already remediated this vulnerability for all vulnerable systems. No further actions are required by customers.
  • CVE-2024-38284: Delete the log files.
  • CVE-2024-38284: Install updated software that does not log the credentialed web request.
  • CVE-2024-38284: Motorola Solutions has already remediated this vulnerability for all vulnerable systems. No further actions are required by customers.
  • CVE-2024-38285: Delete the log files.
  • CVE-2024-38285: Motorola Solutions has already remediated this vulnerability for all vulnerable systems. No further actions are required by customers.

Affected Vendors

Motorola Solutions

Affected Products (1)

Motorola Solutions · Vigilant Fixed LPR Coms Box (BCAV1F2-C600) <=3.1.171.9

Affected Sectors

Emergency Services
