Details of VAR-202407-2572

ID

VAR-202407-2572

CVE

CVE-2024-41692

TITLE

SyroTech SY-GPON-1110-WDONT Access Control Error Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-34378

DESCRIPTION

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to presence of root terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the root shell on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary commands with root privileges on the targeted system. SyroTech SY-GPON-1110-WDONT is a wireless router from SyroTech

Trust: 1.44

sources: NVD: CVE-2024-41692 // CNVD: CNVD-2024-34378

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-34378

AFFECTED PRODUCTS

vendor:

syrotech

model:

sy-gpon-1110-wdont

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2024-34378

CVSS

SEVERITY

CVSSV2

CVSSV3

vdisclose@cert-in.org.in:	CVE-2024-41692
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2024-34378
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2024-34378
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2024-34378 // NVD: CVE-2024-41692

PROBLEMTYPE DATA

problemtype:

CWE-1191

Trust: 1.0

sources: NVD: CVE-2024-41692

PATCH

title:

Patch for SyroTech SY-GPON-1110-WDONT Access Control Error Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/575531

Trust: 0.6

sources: CNVD: CNVD-2024-34378

EXTERNAL IDS

db:	NVD	id:	CVE-2024-41692	Trust: 1.6
db:	CNVD	id:	CNVD-2024-34378	Trust: 0.6

sources: CNVD: CNVD-2024-34378 // NVD: CVE-2024-41692

REFERENCES

url:	https://www.cert-in.org.in/s2cmainservlet?pageid=pubvlnotes01&vlcode=civn-2024-0225	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2024-41692	Trust: 0.6

sources: CNVD: CNVD-2024-34378 // NVD: CVE-2024-41692

SOURCES

db:	CNVD	id:	CNVD-2024-34378
db:	NVD	id:	CVE-2024-41692

LAST UPDATE DATE

2024-08-15T08:54:28.120000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-34378	date:	2024-08-02T00:00:00
db:	NVD	id:	CVE-2024-41692	date:	2024-08-01T08:15:04.173

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-34378	date:	2024-08-02T00:00:00
db:	NVD	id:	CVE-2024-41692	date:	2024-07-26T13:15:09.947