Details of VAR-202407-2649

ID

VAR-202407-2649

CVE

CVE-2024-41687

TITLE

syrotech of sy-gpon-1110-wdont Vulnerability in cleartext transmission of sensitive information in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-004957

DESCRIPTION

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to transmission of password in plain text. A remote attacker could exploit this vulnerability by intercepting transmission within an HTTP session on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system. SyroTech SY-GPON-1110-WDONT is a wireless router from SyroTech. An attacker can exploit this vulnerability to obtain password information and use this information to launch further attacks on the affected system

Trust: 2.16

sources: NVD: CVE-2024-41687 // JVNDB: JVNDB-2024-004957 // CNVD: CNVD-2024-34376

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-34376

AFFECTED PRODUCTS

vendor:	syrotech	model:	sy-gpon-1110-wdont	scope:	-	version:	-	Trust: 1.4
vendor:	syrotech	model:	sy-gpon-1110-wdont	scope:	eq	version:	3.1.02-231102	Trust: 1.0
vendor:	syrotech	model:	sy-gpon-1110-wdont	scope:	eq	version:	sy-gpon-1110-wdont firmware 3.1.02-231102	Trust: 0.8
vendor:	syrotech	model:	sy-gpon-1110-wdont	scope:	eq	version:	-	Trust: 0.8

sources: CNVD: CNVD-2024-34376 // JVNDB: JVNDB-2024-004957 // NVD: CVE-2024-41687

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2024-41687
value:	HIGH
Trust: 1.0
vdisclose@cert-in.org.in:	CVE-2024-41687
value:	HIGH
Trust: 1.0
NVD:	CVE-2024-41687
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2024-34376
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2024-34376
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2024-41687
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2024-41687
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2024-34376 // JVNDB: JVNDB-2024-004957 // NVD: CVE-2024-41687 // NVD: CVE-2024-41687

PROBLEMTYPE DATA

problemtype:	CWE-319	Trust: 1.0
problemtype:	Sending important information in clear text (CWE-319) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-004957 // NVD: CVE-2024-41687

PATCH

title:

Patch for SyroTech SY-GPON-1110-WDONT Information Disclosure Vulnerability (CNVD-2024-34376)

url:

https://www.cnvd.org.cn/patchInfo/show/575521

Trust: 0.6

sources: CNVD: CNVD-2024-34376

EXTERNAL IDS

db:	NVD	id:	CVE-2024-41687	Trust: 3.2
db:	JVNDB	id:	JVNDB-2024-004957	Trust: 0.8
db:	CNVD	id:	CNVD-2024-34376	Trust: 0.6

sources: CNVD: CNVD-2024-34376 // JVNDB: JVNDB-2024-004957 // NVD: CVE-2024-41687

REFERENCES

url:	https://www.cert-in.org.in/s2cmainservlet?pageid=pubvlnotes01&vlcode=civn-2024-0225	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-41687	Trust: 1.4

sources: CNVD: CNVD-2024-34376 // JVNDB: JVNDB-2024-004957 // NVD: CVE-2024-41687

SOURCES

db:	CNVD	id:	CNVD-2024-34376
db:	JVNDB	id:	JVNDB-2024-004957
db:	NVD	id:	CVE-2024-41687

LAST UPDATE DATE

2024-08-16T05:58:42.276000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-34376	date:	2024-08-02T00:00:00
db:	JVNDB	id:	JVNDB-2024-004957	date:	2024-08-07T00:50:00
db:	NVD	id:	CVE-2024-41687	date:	2024-08-05T21:05:30.230

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-34376	date:	2024-08-02T00:00:00
db:	JVNDB	id:	JVNDB-2024-004957	date:	2024-08-07T00:00:00
db:	NVD	id:	CVE-2024-41687	date:	2024-07-26T12:15:03.250