This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due lack of encryption in storing of usernames and passwords within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext credentials on the vulnerable system.
Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system.
References
Link | Resource |
---|---|
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0225 | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
05 Aug 2024, 21:05
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:syrotech:sy-gpon-1110-wdont_firmware:3.1.02-231102:*:*:*:*:*:*:* cpe:2.3:h:syrotech:sy-gpon-1110-wdont:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.6 |
First Time |
Syrotech
Syrotech sy-gpon-1110-wdont Syrotech sy-gpon-1110-wdont Firmware |
|
References | () https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0225 - Third Party Advisory |
01 Aug 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary |
|
26 Jul 2024, 12:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-26 12:15
Updated : 2024-08-05 21:05
NVD link : CVE-2024-41688
Mitre link : CVE-2024-41688
CVE.ORG link : CVE-2024-41688
JSON object : View
Products Affected
syrotech
- sy-gpon-1110-wdont_firmware
- sy-gpon-1110-wdont
CWE
CWE-312
Cleartext Storage of Sensitive Information