ID

VAR-202407-2515


CVE

CVE-2024-41684


TITLE

SyroTech SY-GPON-1110-WDONT firmware vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2024-004970

DESCRIPTION

This vulnerability exists in the SyroTech SY-GPON-1110-WDONT router due to a missing Secure flag on the session cookies associated with the router's web management interface. An attacker with remote access could exploit this by intercepting transmission within an HTTP session on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to capture cookies and compromise the targeted system. The SyroTech SY-GPON-1110-WDONT firmware contains unspecified vulnerabilities. Information may be obtained. SyroTech SY-GPON-1110-WDONT is a wireless router from SyroTech. An attacker could exploit this vulnerability to obtain sensitive cookie information and use this information to launch further attacks on the affected system.

Trust: 2.16

sources: NVD: CVE-2024-41684 // JVNDB: JVNDB-2024-004970 // CNVD: CNVD-2024-34377

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-34377

AFFECTED PRODUCTS

vendor: syrotech, model: sy-gpon-1110-wdont, scope: -, version: -

Trust: 1.4

vendor: syrotech, model: sy-gpon-1110-wdont, scope: eq, version: 3.1.02-231102

Trust: 1.0

vendor: syrotech, model: sy-gpon-1110-wdont, scope: eq, version: -

Trust: 0.8

vendor: syrotech, model: sy-gpon-1110-wdont, scope: eq, version: sy-gpon-1110-wdont firmware 3.1.02-231102

Trust: 0.8

sources: CNVD: CNVD-2024-34377 // JVNDB: JVNDB-2024-004970 // NVD: CVE-2024-41684

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-41684
value: MEDIUM

Trust: 1.0

vdisclose@cert-in.org.in: CVE-2024-41684
value: MEDIUM

Trust: 1.0

NVD: CVE-2024-41684
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2024-34377
value: HIGH

Trust: 0.6

CNVD: CNVD-2024-34377
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-41684
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2024-41684
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-34377 // JVNDB: JVNDB-2024-004970 // NVD: CVE-2024-41684 // NVD: CVE-2024-41684

PROBLEMTYPE DATA

problemtype: CWE-614

Trust: 1.0

problemtype: NVD-CWE-Other

Trust: 1.0

problemtype: others (CWE-Other) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2024-004970 // NVD: CVE-2024-41684

PATCH

title: Patch for SyroTech SY-GPON-1110-WDONT Information Disclosure Vulnerability (CNVD-2024-34377)
url: https://www.cnvd.org.cn/patchInfo/show/575526

Trust: 0.6

sources: CNVD: CNVD-2024-34377

EXTERNAL IDS

db: NVD, id: CVE-2024-41684

Trust: 3.2

db: JVNDB, id: JVNDB-2024-004970

Trust: 0.8

db: CNVD, id: CNVD-2024-34377

Trust: 0.6

sources: CNVD: CNVD-2024-34377 // JVNDB: JVNDB-2024-004970 // NVD: CVE-2024-41684

REFERENCES

url: https://www.cert-in.org.in/s2cmainservlet?pageid=pubvlnotes01&vlcode=civn-2024-0225

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2024-41684

Trust: 1.4

sources: CNVD: CNVD-2024-34377 // JVNDB: JVNDB-2024-004970 // NVD: CVE-2024-41684

SOURCES

db: CNVD, id: CNVD-2024-34377
db: JVNDB, id: JVNDB-2024-004970
db: NVD, id: CVE-2024-41684

LAST UPDATE DATE

2024-08-15T12:52:56.188000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-34377, date: 2024-08-02T00:00:00
db: JVNDB, id: JVNDB-2024-004970, date: 2024-08-08T00:09:00
db: NVD, id: CVE-2024-41684, date: 2024-08-06T13:25:49.640

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-34377, date: 2024-08-02T00:00:00
db: JVNDB, id: JVNDB-2024-004970, date: 2024-08-08T00:00:00
db: NVD, id: CVE-2024-41684, date: 2024-07-26T12:15:02.763