Lucene search

[email protected]CVE-2024-4231

HistoryMay 14, 2024 - 3:43 p.m.

CVE-2024-4231

2024-05-1415:43:08

CWE-1191

[email protected]

web.nvd.nist.gov

cve-2024-4231

digisol router

hardware version

firmware version

root terminal access

physical access

uart pins

access control

sensitive information

nvd

vulnerability

6.8 Medium

CVSS4

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:N/SA:N

6.3 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version : v3.2.02) due to presence of root terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by identifying UART pins and accessing the root shell on the vulnerable system.

Successful exploitation of this vulnerability could allow the attacker to access the sensitive information on the targeted system.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Digisol Router DG-GR1321",
    "vendor": "Digisol",
    "versions": [
      {
        "status": "affected",
        "version": "v3.2.02"
      }
    ]
  }
]

References

www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0158

6.8 Medium

CVSS4

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:N/SA:N

6.3 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2024-4231

nvd1 cvelist1