CVE-2024-41688

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due lack of encryption in storing of usernames and passwords within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext credentials on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:syrotech:sy-gpon-1110-wdont_firmware:3.1.02-231102:*:*:*:*:*:*:*
cpe:2.3:h:syrotech:sy-gpon-1110-wdont:-:*:*:*:*:*:*:*

History

21 Nov 2024, 09:32

Type Values Removed Values Added
References
  • () https://cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0225 -

05 Aug 2024, 21:05

Type Values Removed Values Added
References () https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0225 - () https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0225 - Third Party Advisory
CPE cpe:2.3:o:syrotech:sy-gpon-1110-wdont_firmware:3.1.02-231102:*:*:*:*:*:*:*
cpe:2.3:h:syrotech:sy-gpon-1110-wdont:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.6
First Time Syrotech
Syrotech sy-gpon-1110-wdont
Syrotech sy-gpon-1110-wdont Firmware

01 Aug 2024, 08:15

Type Values Removed Values Added
References
  • {'url': 'https://cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0225', 'source': 'vdisclose@cert-in.org.in'}
  • () https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0225 -
Summary
  • (es) Esta vulnerabilidad existe en el enrutador SyroTech SY-GPON-1110-WDONT debido a la falta de cifrado en el almacenamiento de nombres de usuario y contraseñas dentro del firmware/base de datos del enrutador. Un atacante con acceso físico podría aprovechar esto extrayendo el firmware y aplicando ingeniería inversa a los datos binarios para acceder a las credenciales en texto plano en el sistema vulnerable. La explotación exitosa de esta vulnerabilidad podría permitir al atacante obtener acceso no autorizado al sistema objetivo.

26 Jul 2024, 12:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-26 12:15

Updated : 2024-11-21 09:32


NVD link : CVE-2024-41688

Mitre link : CVE-2024-41688

CVE.ORG link : CVE-2024-41688


JSON object : View

Products Affected

syrotech

  • sy-gpon-1110-wdont
  • sy-gpon-1110-wdont_firmware
CWE
CWE-312

Cleartext Storage of Sensitive Information