CVE-2024-39278: 
NixOS vulnerability analysis and mitigation

A vulnerability identified as CVE-2024-39278 affects Hughes Network Systems' WL3000 Fusion Software versions prior to 2.7.0.10. The vulnerability involves credentials to access device configuration information being stored unencrypted in flash memory, which could potentially expose network configuration information and terminal configuration data (CISA Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 4.2 (Medium) with the vector string AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N. Additionally, it received a CVSS v4.0 base score of 5.1 with the vector string CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N. The vulnerability is classified under CWE-522 (Insufficiently Protected Credentials) (CISA Advisory, NVD).

If exploited, this vulnerability would allow an attacker to obtain read-only access to network configuration information and terminal configuration data stored in the device (CISA Advisory).

Hughes Network Systems has released version 2.7.0.10 of the WL3000 Fusion Software to patch this vulnerability. The fix requires no action by the user. CISA recommends implementing network segmentation, using firewalls, and isolating control system networks from business networks (CISA Advisory).