Lucene search

CERT-InCVELIST:CVE-2024-4232

HistoryMay 10, 2024 - 1:32 p.m.

CVE-2024-4232 Password Storage in Plaintext Vulnerability in Digisol Router

2024-05-1013:32:08

CWE-256

CERT-In

www.cve.org

digisol router

cve-2024-4232

vulnerability

plaintext

password storage

firmware

database

encryption

hashing

exploitation

unauthorized access

5.4 Medium

CVSS4

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version : v3.2.02) due to lack of encryption or hashing in storing of passwords within the router’s firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext passwords on the vulnerable system.

Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Digisol Router DG-GR1321",
    "vendor": "Digisol",
    "versions": [
      {
        "status": "affected",
        "version": "v3.2.02"
      }
    ]
  }
]

References

www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0158

5.4 Medium

CVSS4

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2024-4232