
CVE-2024-58277: CWE-312 Cleartext Storage of Sensitive Information in R Radio Network Radio Network FM Transmitter

Severity: High
Type: Vulnerability
Published: Thu Dec 04 2025 (12/04/2025, 20:42:19 UTC)
Source: CVE Database V5
Vendor/Project: R Radio Network
Product: Radio Network FM Transmitter

Description

R Radio Network FM Transmitter 1.07 allows unauthenticated attackers to access the admin user's password through the system.cgi endpoint, enabling authentication bypass and FM station setup access.

AI-Powered Analysis

Last updated: 12/04/2025, 21:09:42 UTC

Technical Analysis

CVE-2024-58277 is a CWE-312 (Cleartext Storage of Sensitive Information) vulnerability in R Radio Network FM Transmitter version 1.07. The device stores the admin user's password in cleartext and exposes it through the system.cgi endpoint without requiring authentication, so any remote attacker can retrieve the password directly and bypass authentication. With the password, the attacker can access the FM transmitter's administrative interface and manipulate FM station settings, potentially disrupting broadcast operations or injecting unauthorized content. The vulnerability is remotely exploitable over the network without any user interaction or privileges.

The CVSS 4.0 base score is 8.7, reflecting the significant confidentiality impact and ease of exploitation. No patches or exploits are currently publicly available, but the risk remains high because of the sensitive nature of the device and its role in broadcast infrastructure. The vulnerability highlights poor security design in embedded device credential management and the need for encrypted storage and secure access controls.

Potential Impact

For European organizations, especially broadcasters and media companies using R Radio Network FM Transmitters, this vulnerability poses a significant risk of unauthorized access and control over FM transmission settings. Attackers could disrupt broadcast services, manipulate transmitted content, or cause denial of service by misconfiguring the device. This could lead to reputational damage, regulatory penalties, and loss of audience trust. Critical infrastructure operators relying on these devices may face operational disruptions. The confidentiality breach of admin credentials also increases the risk of lateral movement within organizational networks if the device is connected to broader IT infrastructure. Given the ease of exploitation and lack of authentication required, the threat is particularly acute for organizations with exposed or poorly segmented network environments.

Mitigation Recommendations

1. Immediately isolate affected R Radio Network FM Transmitter devices from public and untrusted networks to reduce exposure.
2. Implement strict network segmentation and firewall rules to restrict access to the system.cgi endpoint only to trusted administrators.
3. Monitor network traffic for unusual access attempts to the transmitter's management interface.
4. Enforce strong password policies and consider changing default or known passwords if possible.
5. Engage with the vendor for firmware updates or patches addressing this vulnerability; apply them promptly once available.
6. If patching is delayed, consider deploying compensating controls such as VPN access for management interfaces or multi-factor authentication proxies.
7. Conduct security audits of all broadcast infrastructure devices to identify similar credential storage or access control weaknesses.
8. Train operational staff on recognizing signs of device compromise and incident response procedures.
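One way to implement the monitoring in items 2 and 3, as an added example that is not part of the advisory or any vendor tooling: it scans access-log lines for requests to system.cgi from sources outside the administrator allowlist. The log format (a reverse proxy or firewall in front of the transmitter), the allowlisted subnet, and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Assumption: subnets of trusted administrators (constructed value).
ADMIN_NETS = [ipaddress.ip_network("10.20.30.0/28")]
# Assumption: common/combined log format from a proxy in front of the device.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_admin_source(src):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # an unparseable source is treated as untrusted
    return any(addr in net for net in ADMIN_NETS)

def touches_system_cgi(target):
    # Match on the decoded final path component, ignoring case and query string.
    path = unquote(urlsplit(target).path)
    return path.rsplit("/", 1)[-1].lower() == "system.cgi"

def find_untrusted_access(lines):
    """Return (timestamp, source, target, disclosed) for each untrusted hit."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not touches_system_cgi(m["target"]):
            continue
        if is_admin_source(m["src"]):
            continue
        # A 2xx answer to an untrusted source: treat the admin password as disclosed.
        disclosed = m["status"].startswith("2")
        alerts.append((m["ts"], m["src"], m["target"], disclosed))
    return alerts

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '10.20.30.5 - - [04/Dec/2025:20:50:01 +0000] "GET /system.cgi HTTP/1.1" 200 512',
    '198.51.100.23 - - [04/Dec/2025:20:51:17 +0000] "GET /system.cgi HTTP/1.1" 200 512',
    '198.51.100.23 - - [04/Dec/2025:20:51:19 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '203.0.113.9 - - [04/Dec/2025:20:52:40 +0000] "GET /SYSTEM.CGI?x=1 HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    for alert in find_untrusted_access(SAMPLE_LOG):
        print(alert)
```

An alert with `disclosed` set to true is the case that calls for rotating the admin password; a blocked attempt (for example a 403 from the proxy) still indicates probing of the management interface.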


Technical Details

Data Version: 5.2
Assigner Short Name: VulnCheck
Date Reserved: 2025-12-04T16:29:09.649Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 6931f4df0459f550ecf89e3a

Added to database: 12/4/2025, 8:53:51 PM

Last enriched: 12/4/2025, 9:09:42 PM

Last updated: 12/5/2025, 2:45:59 AM
