HIGH🇬🇧 English

CVE-2024-41691

CVSS 7.0v4.0pub. 2024-07-26upd. 2024-11-21

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storing of FTP credentials in plaintext within the SquashFS-root filesystem associated with the router's firmware. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext FTP credentials from the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the FTP server associated with the targeted system.

oryginał EN
CVSS Vector
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Syrotech Sy Gpon 1110 Wdont

    HW
    Syrotech
    wszystkie wersje
  • Syrotech Sy Gpon 1110 Wdont Firmware

    OS
    Syrotech
    3.1.02-231102
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2025-63729CRITICAL9.0PL ✓ten sam produkt

Syrotech SY-GPON-1110-WDONT: ujawnienie kluczy SSL w firmware

CVE-2024-41686HIGH7.3ten sam produkt

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to improper implementation of password pol...

CVE-2024-41687HIGH8.6ten sam produkt

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to transmission of password in plain text....

CVE-2024-41688HIGH7.0ten sam produkt

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due lack of encryption in storing of usernames...

CVE-2024-41690HIGH7.0ten sam produkt

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storing of default username and passwor...