Lucene search

[email protected]CVE-2024-2257

HistoryMay 14, 2024 - 3:18 p.m.

CVE-2024-2257

2024-05-1415:18:35

CWE-20

[email protected]

web.nvd.nist.gov

cve-2024-2257

digisol router

password policies

physical access

security threats

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.2%

JSON

This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version : v3.2.02) due to improper implementation of password policies. An attacker with physical access could exploit this by creating password that do not adhere to the defined security standards/policy on the vulnerable system.

Successful exploitation of this vulnerability could allow the attacker to expose the router to potential security threats.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Digisol Router DG-GR1321",
    "vendor": "Digisol",
    "versions": [
      {
        "status": "affected",
        "version": "v3.2.02"
      }
    ]
  }
]

References

www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0158

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for CVE-2024-2257

cvelist1 vulnrichment1 nvd1