This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to unencrypted storing of WPA/ WPS credentials within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext WPA/ WPS credentials on the vulnerable system.
Successful exploitation of this vulnerability could allow the attacker to bypass WPA/ WPS and gain access to the Wi-Fi network of the targeted system.
References
Link | Resource |
---|---|
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0225 | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
05 Aug 2024, 21:05
Type | Values Removed | Values Added |
---|---|---|
First Time |
Syrotech
Syrotech sy-gpon-1110-wdont Syrotech sy-gpon-1110-wdont Firmware |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.6 |
References | () https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0225 - Third Party Advisory | |
CPE | cpe:2.3:o:syrotech:sy-gpon-1110-wdont_firmware:3.1.02-231102:*:*:*:*:*:*:* cpe:2.3:h:syrotech:sy-gpon-1110-wdont:-:*:*:*:*:*:*:* |
|
CWE | CWE-312 |
01 Aug 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary |
|
26 Jul 2024, 12:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-26 12:15
Updated : 2024-08-05 21:05
NVD link : CVE-2024-41689
Mitre link : CVE-2024-41689
CVE.ORG link : CVE-2024-41689
JSON object : View
Products Affected
syrotech
- sy-gpon-1110-wdont
- sy-gpon-1110-wdont_firmware