Lucene search

MitreCVE-2024-44815

HistorySep 10, 2024 - 4:15 p.m.

CVE-2024-44815

2024-09-1016:15:20

CWE-256

CWE-522

mitre

web.nvd.nist.gov

vulnerability

hathway skyworth router

cm5100

credentials

theft

spi flash firmware

w25q64jv

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

21.4%

JSON

Vulnerability in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physically proximate attacker to obtain user credentials via SPI flash Firmware W25Q64JV.

Affected configurations

Nvd

Node

hathwayskyworth_cm5100-511_firmwareMatch4.1.1.24

AND

hathwayskyworth_cm5100-511Match-

VendorProductVersionCPE
hathwayskyworth_cm5100-511_firmware4.1.1.24cpe:2.3:o:hathway:skyworth_cm5100-511_firmware:4.1.1.24:*:*:*:*:*:*:*
hathwayskyworth_cm5100-511-cpe:2.3:h:hathway:skyworth_cm5100-511:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hathway	skyworth_cm5100-511_firmware	4.1.1.24	cpe:2.3:o:hathway:skyworth_cm5100-511_firmware:4.1.1.24:::::::*
hathway	skyworth_cm5100-511	-	cpe:2.3:h:hathway:skyworth_cm5100-511:-:::::::*

References

github.com/nitinronge91/Extracting-User-credentials-For-Web-portal-and-WiFi-AP-For-Hathway-Router-CVE-2024-44815-

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

21.4%

JSON

Related for CVE-2024-44815