This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due lack of encryption in storing of usernames and passwords within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext credentials on the vulnerable system.
Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system.
References
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 09:32
Type | Values Removed | Values Added |
---|---|---|
References |
|
05 Aug 2024, 21:05
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0225 - Third Party Advisory | |
CPE | cpe:2.3:o:syrotech:sy-gpon-1110-wdont_firmware:3.1.02-231102:*:*:*:*:*:*:* cpe:2.3:h:syrotech:sy-gpon-1110-wdont:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.6 |
First Time |
Syrotech
Syrotech sy-gpon-1110-wdont Syrotech sy-gpon-1110-wdont Firmware |
01 Aug 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary |
|
26 Jul 2024, 12:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-26 12:15
Updated : 2024-11-21 09:32
NVD link : CVE-2024-41688
Mitre link : CVE-2024-41688
CVE.ORG link : CVE-2024-41688
JSON object : View
Products Affected
syrotech
- sy-gpon-1110-wdont
- sy-gpon-1110-wdont_firmware
CWE
CWE-312
Cleartext Storage of Sensitive Information