This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storing of default username and password credentials in plaintext within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext default credentials on the vulnerable system.
Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system.
References
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 09:32
Type | Values Removed | Values Added |
---|---|---|
References |
|
05 Aug 2024, 21:06
Type | Values Removed | Values Added |
---|---|---|
First Time |
Syrotech
Syrotech sy-gpon-1110-wdont Syrotech sy-gpon-1110-wdont Firmware |
|
References | () https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0225 - Third Party Advisory | |
CPE | cpe:2.3:o:syrotech:sy-gpon-1110-wdont_firmware:3.1.02-231102:*:*:*:*:*:*:* cpe:2.3:h:syrotech:sy-gpon-1110-wdont:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.6 |
01 Aug 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References |
|
|
26 Jul 2024, 12:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-26 12:15
Updated : 2024-11-21 09:32
NVD link : CVE-2024-41690
Mitre link : CVE-2024-41690
CVE.ORG link : CVE-2024-41690
JSON object : View
Products Affected
syrotech
- sy-gpon-1110-wdont
- sy-gpon-1110-wdont_firmware
CWE
CWE-312
Cleartext Storage of Sensitive Information