ID

VAR-202407-2517


CVE

CVE-2024-41689


TITLE

Vulnerability related to plaintext storage of important information in syrotech sy-gpon-1110-wdont firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-005007

DESCRIPTION

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to unencrypted storing of WPA/WPS credentials within the router's firmware/database. An attacker with physical access could exploit this by extracting the firmware and reverse engineering the binary data to access the plaintext WPA/WPS credentials on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to bypass WPA/WPS and gain access to the Wi-Fi network of the targeted system. The syrotech sy-gpon-1110-wdont firmware contains a vulnerability related to plaintext storage of sensitive information. Information may be obtained. SyroTech SY-GPON-1110-WDONT is a wireless router from SyroTech. Attackers can exploit this vulnerability to obtain WPA/WPS credential information and use this information to launch further attacks on the affected system.

Trust: 2.16

sources: NVD: CVE-2024-41689 // JVNDB: JVNDB-2024-005007 // CNVD: CNVD-2024-34372

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-34372

AFFECTED PRODUCTS

vendor: syrotech
model: sy-gpon-1110-wdont
scope: -
version: -

Trust: 1.4

vendor: syrotech
model: sy-gpon-1110-wdont
scope: eq
version: 3.1.02-231102

Trust: 1.0

vendor: syrotech
model: sy-gpon-1110-wdont
scope: eq
version: -

Trust: 0.8

vendor: syrotech
model: sy-gpon-1110-wdont
scope: eq
version: sy-gpon-1110-wdont firmware 3.1.02-231102

Trust: 0.8

sources: CNVD: CNVD-2024-34372 // JVNDB: JVNDB-2024-005007 // NVD: CVE-2024-41689

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-41689
value: MEDIUM

Trust: 1.0

vdisclose@cert-in.org.in: CVE-2024-41689
value: MEDIUM

Trust: 1.0

NVD: CVE-2024-41689
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2024-34372
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2024-34372
severity: MEDIUM
baseScore: 6.8
vectorString: AV:A/AC:L/AU:N/C:C/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-41689
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2024-41689
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-34372 // JVNDB: JVNDB-2024-005007 // NVD: CVE-2024-41689 // NVD: CVE-2024-41689

PROBLEMTYPE DATA

problemtype:CWE-312

Trust: 1.0

problemtype:CWE-798

Trust: 1.0

problemtype:Plaintext storage of important information (CWE-312) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2024-005007 // NVD: CVE-2024-41689

PATCH

title: Patch for SyroTech SY-GPON-1110-WDONT Information Disclosure Vulnerability (CNVD-2024-34372)
url: https://www.cnvd.org.cn/patchInfo/show/575416

Trust: 0.6

sources: CNVD: CNVD-2024-34372

EXTERNAL IDS

db: NVD, id: CVE-2024-41689

Trust: 3.2

db: JVNDB, id: JVNDB-2024-005007

Trust: 0.8

db: CNVD, id: CNVD-2024-34372

Trust: 0.6

sources: CNVD: CNVD-2024-34372 // JVNDB: JVNDB-2024-005007 // NVD: CVE-2024-41689

REFERENCES

url:https://www.cert-in.org.in/s2cmainservlet?pageid=pubvlnotes01&vlcode=civn-2024-0225

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-41689

Trust: 1.4

sources: CNVD: CNVD-2024-34372 // JVNDB: JVNDB-2024-005007 // NVD: CVE-2024-41689

SOURCES

db: CNVD, id: CNVD-2024-34372
db: JVNDB, id: JVNDB-2024-005007
db: NVD, id: CVE-2024-41689

LAST UPDATE DATE

2024-08-15T12:51:51.160000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-34372, date: 2024-08-02T00:00:00
db: JVNDB, id: JVNDB-2024-005007, date: 2024-08-08T01:54:00
db: NVD, id: CVE-2024-41689, date: 2024-08-05T21:05:55.990

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-34372, date: 2024-08-02T00:00:00
db: JVNDB, id: JVNDB-2024-005007, date: 2024-08-08T00:00:00
db: NVD, id: CVE-2024-41689, date: 2024-07-26T12:15:03.490