CVE-2024-25735: n/a
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext passwords via a SoftAP /device/config GET request.
AI Analysis
Technical Summary
CVE-2024-25735 is a critical vulnerability in WyreStorm Apollo VX20 devices running firmware versions before 1.3.58. The flaw is in the device's SoftAP interface. The SoftAP is the Wi-Fi access point the device itself broadcasts, and an HTTP GET request to /device/config on that interface returns configuration data that contains passwords in cleartext, with no authentication and no user interaction required. The vulnerability is classified under CWE-319 (Cleartext Transmission of Sensitive Information). The CVSS v3.1 base score of 9.1 (Critical) follows from the vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N: network attack vector, low attack complexity, no privileges required, no user interaction, unchanged scope, high impact on confidentiality and integrity, and no impact on availability. In practice the request has to reach the device's HTTP service on the SoftAP, so anyone who can associate with that access point, or otherwise route traffic to it, can retrieve the credentials. Recovered credentials can then be used to log in to the device's management interface, change its configuration, or pivot to other systems on the network. No public exploit has been reported, but the attack is a single unauthenticated GET request, so the bar for exploitation is low, and these devices are commonly deployed for AV distribution and control in enterprise and critical-infrastructure settings. The affected-version range indicates that firmware 1.3.58 is the first version without the flaw, so upgrading is the primary remediation; the mitigations below reduce exposure until devices are upgraded.
Potential Impact
For European organizations, the impact of CVE-2024-25735 can be substantial, particularly where WyreStorm Apollo VX20 devices are deployed in conference rooms, control centers, or other AV-integrated environments. Because the endpoint returns the device's passwords in cleartext, an attacker does not need to defeat authentication: the recovered credentials are simply used to log in to the management interface. From there an attacker can change configuration, intercept or manipulate AV streams, and potentially move laterally into the corporate network. Confidentiality is severely impacted because sensitive credentials are exposed, and integrity is compromised because unauthorized modifications become possible. Availability is not directly affected, although the downstream effects of unauthorized access could still disrupt operations. Organizations in sectors such as finance, government, healthcare, and manufacturing, where AV systems are integrated into critical workflows, face increased risk of espionage, data leakage, or operational disruption. The lack of known exploits reduces the immediate threat but does not diminish the urgency of mitigation, given the ease of exploitation and the critical severity.
Mitigation Recommendations
1. Upgrade affected devices to firmware 1.3.58 or later, which the affected-version range identifies as the first version without the flaw, and prioritize devices whose SoftAP is reachable by untrusted users.
2. Treat every password a vulnerable device has served from /device/config as exposed: after upgrading, rotate the device's own credentials and any Wi-Fi or service passwords that were stored in its configuration.
3. Disable the SoftAP feature if it is not required for device operation, which removes the attack surface entirely.
4. Where the SoftAP must stay enabled, restrict who can reach it. Requests made over the SoftAP terminate on the device and may never cross the wired network, so wired-side firewalls and sensors may not see them; control who can join the SoftAP, and on the wired side use segmentation and firewall rules so that only trusted management hosts can reach the device's HTTP service.
5. Monitor for GET requests to /device/config on every network path where the device's HTTP service is visible (wired LAN, management VLAN, wireless controller logs) and alert on or block them with intrusion detection/prevention rules, bearing in mind the same caveat: SoftAP-side traffic is visible only to sensors on that segment or to the device's own logs.
6. Inventory all WyreStorm Apollo VX20 devices in the organization, record each one's firmware version, and prioritize remediation by exposure.
7. Educate IT and security teams about this vulnerability to ensure rapid response and awareness.
8. Where the device supports it, add further access controls around the management interface; multi-factor authentication is rarely available on embedded AV devices, so network-level restrictions are usually the practical control.
9. Review and update incident response plans to include scenarios involving AV device compromise.
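Two of the steps above, the firmware inventory and the detection of /device/config reads, are easy to get subtly wrong: version strings compared as text put 1.10 before 1.3, and a naive path match misses requests that carry a query string or trailing slash. The following Python is an added example, not code from the original page or from WyreStorm. The device hostnames, firmware versions and log lines are constructed for the example, and the log format is a generic combined-log style assumed here because the page does not say what the VX20 itself logs.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Iterable, Tuple

FIXED_VERSION = "1.3.58"        # first unaffected firmware, per the CVE description
SENSITIVE_PATH = "/device/config"

# Constructed inventory for the example: hostnames and versions are made up.
SAMPLE_INVENTORY = {
    "vx20-boardroom": "1.3.57",
    "vx20-lobby": "1.3.58",
    "vx20-training": "1.2.110",
    "vx20-lab": "1.3.60",
}

# Constructed log lines in a combined-log style; not real device output.
SAMPLE_LOG = [
    '192.168.4.20 - - [20/Dec/2025:10:15:01 +0000] "GET /device/config HTTP/1.1" 200 812 "-" "curl/8.5.0"',
    '192.168.4.21 - - [20/Dec/2025:10:15:03 +0000] "GET /device/status HTTP/1.1" 200 120 "-" "Mozilla/5.0"',
    '192.168.4.22 - - [20/Dec/2025:10:16:40 +0000] "GET /device/config?format=json HTTP/1.1" 200 815 "-" "python-requests/2.32"',
    '192.168.4.23 - - [20/Dec/2025:10:17:02 +0000] "POST /device/config HTTP/1.1" 403 0 "-" "Mozilla/5.0"',
    "garbage line that does not parse",
]

LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '1.3.57' into (1, 3, 57) so versions compare numerically, not lexically."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable firmware version: {version!r}")
    return tuple(int(p) for p in parts)


def is_affected(firmware_version: str) -> bool:
    """A device is affected iff its firmware sorts before 1.3.58."""
    return parse_version(firmware_version) < parse_version(FIXED_VERSION)


def triage_inventory(inventory: dict) -> dict:
    """Return {host: version} for devices still running affected firmware."""
    return {host: ver for host, ver in inventory.items() if is_affected(ver)}


@dataclass(frozen=True)
class Finding:
    client: str
    timestamp: str
    path: str
    status: int


def find_config_reads(log_lines: Iterable[str]) -> list:
    """Flag GET requests whose path is /device/config, ignoring query strings.

    A 200 response is the strongest signal; other statuses are still reported
    because a blocked attempt is worth knowing about.
    """
    findings = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected format; skip rather than crash
        path = m.group("path").split("?", 1)[0].rstrip("/")
        if m.group("method") == "GET" and path == SENSITIVE_PATH:
            findings.append(Finding(m.group("client"), m.group("ts"),
                                    m.group("path"), int(m.group("status"))))
    return findings


if __name__ == "__main__":
    for host, ver in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"UPGRADE {host}: firmware {ver} < {FIXED_VERSION}")
    for f in find_config_reads(SAMPLE_LOG):
        print(f"ALERT {f.client} read {f.path} at {f.timestamp} (HTTP {f.status})")
```

The POST in the sample is deliberately not flagged: the advisory describes a GET, and alerting on every method would bury the signal in legitimate configuration saves. Feed the detector whatever HTTP logs you actually have for the segment the device sits on; if only the device's own logs see SoftAP traffic, export those rather than relying on a wired sensor.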
Affected Countries
United Kingdom, Germany, France, Netherlands, Italy, Spain, Sweden, Belgium, Switzerland, Austria
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2024-02-11T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Added to database: 11/4/2025, 6:35:13 PM
Last enriched: 11/4/2025, 6:55:27 PM
Last updated: 12/20/2025, 5:19:15 PM