HIGH🇵🇱 Wersja polska

CVE-2024-41690

CVSS 7.0v4.0pub. 2024-07-26upd. 2024-11-21

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storing of default username and password credentials in plaintext within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext default credentials on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system.

CVSS Vector
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Syrotech Sy Gpon 1110 Wdont

    HW
    Syrotech
    wszystkie wersje
  • Syrotech Sy Gpon 1110 Wdont Firmware

    OS
    Syrotech
    3.1.02-231102
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-63729CRITICAL9.0PL ✓ten sam produkt

Syrotech SY-GPON-1110-WDONT: ujawnienie kluczy SSL w firmware

CVE-2024-41686HIGH7.3ten sam produkt

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to improper implementation of password pol...

CVE-2024-41687HIGH8.6ten sam produkt

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to transmission of password in plain text....

CVE-2024-41688HIGH7.0ten sam produkt

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due lack of encryption in storing of usernames...

CVE-2024-41691HIGH7.0ten sam produkt

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storing of FTP credentials in plaintext...