CVE-2024-46383 identifies a vulnerability in the Hathway Skyworth Router CM5100-511 running firmware version 4.1.1.24, where sensitive information related to USB and WiFi connected devices is stored in plaintext within the device. This flaw corresponds to CWE-312, which involves the storage of sensitive data without encryption or adequate protection. The vulnerability allows an unauthenticated attacker with physical or network access to the router to potentially retrieve information about connected devices, such as device identifiers or configuration details, without requiring user interaction. The CVSS v3.1 base score is 2.4, reflecting a low severity primarily due to the limited confidentiality impact and the requirement for local or physical access (Attack Vector: Physical). There is no impact on integrity or availability, and no privileges or user interaction are needed. No patches or mitigations have been officially released, and no known exploits have been observed in the wild. This vulnerability could be leveraged as part of a broader attack chain by providing attackers with reconnaissance data to identify targets or plan further attacks. However, the direct risk to systems is minimal given the nature of the exposed data and the limited attack vector.

The primary impact of CVE-2024-46383 is the disclosure of sensitive information about USB and WiFi connected devices stored in plaintext on the affected router. This information leakage could aid attackers in network reconnaissance, enabling them to identify device types, configurations, or connected peripherals, which might be used to tailor subsequent attacks or social engineering efforts. However, since the vulnerability does not affect the integrity or availability of the router or connected devices, the direct operational impact is low. Organizations relying on these routers could face increased risk of targeted attacks if adversaries gain physical or network access to the device. The lack of encryption for sensitive data also raises privacy concerns, especially in environments handling confidential or proprietary information. The absence of known exploits and the low CVSS score suggest limited immediate threat, but the vulnerability could be more significant in high-security or sensitive environments where device information confidentiality is critical.

To mitigate CVE-2024-46383, organizations should first monitor for any firmware updates or patches released by Hathway or Skyworth addressing this vulnerability and apply them promptly. In the absence of official patches, network administrators should restrict physical and network access to the affected routers to trusted personnel only, minimizing the risk of unauthorized data retrieval. Implementing network segmentation can isolate critical devices and reduce exposure. Additionally, disabling unnecessary USB or WiFi features on the router can limit the amount of sensitive data stored. Regularly auditing connected devices and router configurations can help detect unusual activity. Employing encrypted communication channels and VPNs for remote access can further protect sensitive information. Finally, organizations should consider replacing or upgrading routers with models that follow best practices for sensitive data handling and encryption.