CVE-2024-41690

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storing of default username and password credentials in plaintext within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext default credentials on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:syrotech:sy-gpon-1110-wdont_firmware:3.1.02-231102:*:*:*:*:*:*:*
cpe:2.3:h:syrotech:sy-gpon-1110-wdont:-:*:*:*:*:*:*:*

History

21 Nov 2024, 09:32

Type Values Removed Values Added
References
  • () https://cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0225 -

05 Aug 2024, 21:06

Type Values Removed Values Added
First Time Syrotech
Syrotech sy-gpon-1110-wdont
Syrotech sy-gpon-1110-wdont Firmware
References () https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0225 - () https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0225 - Third Party Advisory
CPE cpe:2.3:o:syrotech:sy-gpon-1110-wdont_firmware:3.1.02-231102:*:*:*:*:*:*:*
cpe:2.3:h:syrotech:sy-gpon-1110-wdont:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.6

01 Aug 2024, 08:15

Type Values Removed Values Added
Summary
  • (es) Esta vulnerabilidad existe en el enrutador SyroTech SY-GPON-1110-WDONT debido al almacenamiento de credenciales de nombre de usuario y contraseña predeterminadas en texto plano dentro del firmware/base de datos del enrutador. Un atacante con acceso físico podría aprovechar esto extrayendo el firmware y aplicando ingeniería inversa a los datos binarios para acceder a las credenciales predeterminadas en texto plano en el sistema vulnerable. La explotación exitosa de esta vulnerabilidad podría permitir al atacante obtener acceso no autorizado al sistema objetivo.
References
  • {'url': 'https://cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0225', 'source': 'vdisclose@cert-in.org.in'}
  • () https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0225 -

26 Jul 2024, 12:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-26 12:15

Updated : 2024-11-21 09:32


NVD link : CVE-2024-41690

Mitre link : CVE-2024-41690

CVE.ORG link : CVE-2024-41690


JSON object : View

Products Affected

syrotech

  • sy-gpon-1110-wdont
  • sy-gpon-1110-wdont_firmware
CWE
CWE-312

Cleartext Storage of Sensitive Information