CVE-2024-44815

Vulnerability in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physically proximate attacker to obtain user credentials via SPI flash Firmware W25Q64JV.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:hathway:skyworth_cm5100-511_firmware:4.1.1.24:*:*:*:*:*:*:*
cpe:2.3:h:hathway:skyworth_cm5100-511:-:*:*:*:*:*:*:*

History

25 Sep 2024, 19:17

Type Values Removed Values Added
CWE CWE-522
CPE cpe:2.3:h:hathway:skyworth_cm5100-511:-:*:*:*:*:*:*:*
cpe:2.3:o:hathway:skyworth_cm5100-511_firmware:4.1.1.24:*:*:*:*:*:*:*
References () https://github.com/nitinronge91/Extracting-User-credentials-For-Web-portal-and-WiFi-AP-For-Hathway-Router-CVE-2024-44815- - () https://github.com/nitinronge91/Extracting-User-credentials-For-Web-portal-and-WiFi-AP-For-Hathway-Router-CVE-2024-44815- - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : 8.0
v2 : unknown
v3 : 4.6
Summary
  • (es) Una vulnerabilidad en Hathway Skyworth Router CM5100 v.4.1.1.24 permite a un atacante físicamente próximo obtener credenciales de usuario a través del firmware flash SPI W25Q64JV.
First Time Hathway skyworth Cm5100-511 Firmware
Hathway skyworth Cm5100-511
Hathway

10 Sep 2024, 22:15

Type Values Removed Values Added
Summary (en) An issue in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physically proximate attacker to obtain sensitive information via SPI flash Firmware W25Q64JV (en) Vulnerability in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physically proximate attacker to obtain user credentials via SPI flash Firmware W25Q64JV.

10 Sep 2024, 21:35

Type Values Removed Values Added
CWE CWE-256
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.0

10 Sep 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-10 16:15

Updated : 2024-09-25 19:17


NVD link : CVE-2024-44815

Mitre link : CVE-2024-44815

CVE.ORG link : CVE-2024-44815


JSON object : View

Products Affected

hathway

  • skyworth_cm5100-511_firmware
  • skyworth_cm5100-511
CWE
CWE-522

Insufficiently Protected Credentials

CWE-256

Plaintext Storage of a Password