HIGH🇬🇧 English

CVE-2024-41688

CVSS 7.0v4.0pub. 2024-07-26upd. 2024-11-21

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due lack of encryption in storing of usernames and passwords within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext credentials on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system.

oryginał EN
CVSS Vector
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Syrotech Sy Gpon 1110 Wdont

    HW
    Syrotech
    wszystkie wersje
  • Syrotech Sy Gpon 1110 Wdont Firmware

    OS
    Syrotech
    3.1.02-231102
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2025-63729CRITICAL9.0PL ✓ten sam produkt

Syrotech SY-GPON-1110-WDONT: ujawnienie kluczy SSL w firmware

CVE-2024-41690HIGH7.0ten sam produkt

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storing of default username and passwor...

CVE-2024-41691HIGH7.0ten sam produkt

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storing of FTP credentials in plaintext...

CVE-2024-41687HIGH8.6ten sam produkt

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to transmission of password in plain text....

CVE-2024-41686HIGH7.3ten sam produkt

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to improper implementation of password pol...