Lucene search

CERT-InVULNRICHMENT:CVE-2024-41690

HistoryJul 26, 2024 - 12:02 p.m.

CVE-2024-41690 Default Credential Storage in Plaintext Vulnerability

2024-07-2612:02:29

CWE-312

CERT-In

github.com

cve-2024-41690

plaintext vulnerability

default credentials

syrotech router

unauthorized access

CVSS4

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

AI Score

Confidence

Low

EPSS

0.001

Percentile

21.4%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storing of default username and password credentials in plaintext within the router’s firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext default credentials on the vulnerable system.

Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:o:syrotech:sy-gpon-1110-wdont_firmware:3.1.02-231102:*:*:*:*:*:*:*"
    ],
    "vendor": "syrotech",
    "product": "sy-gpon-1110-wdont_firmware",
    "versions": [
      {
        "status": "affected",
        "version": "3.1.02-231102"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0225

CVSS4

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

AI Score

Confidence

Low

EPSS

0.001

Percentile

21.4%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-41690