ID

VAR-202407-2683


CVE

CVE-2024-41690


TITLE

Plaintext storage of sensitive information vulnerability in SyroTech SY-GPON-1110-WDONT firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-004960

DESCRIPTION

This vulnerability exists in the SyroTech SY-GPON-1110-WDONT Router due to the storage of default username and password credentials in plaintext within the router's firmware/database. An attacker with physical access could exploit this by extracting the firmware and reverse engineering the binary data to access the plaintext default credentials on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system. The SyroTech SY-GPON-1110-WDONT firmware contains a vulnerability related to plaintext storage of sensitive information. Information may be obtained. SyroTech SY-GPON-1110-WDONT is a wireless router from SyroTech.

Trust: 2.16

sources: NVD: CVE-2024-41690 // JVNDB: JVNDB-2024-004960 // CNVD: CNVD-2024-34379

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-34379

AFFECTED PRODUCTS

vendor: syrotech model: sy-gpon-1110-wdont scope: - version: -

Trust: 1.4

vendor: syrotech model: sy-gpon-1110-wdont scope: eq version: 3.1.02-231102

Trust: 1.0

vendor: syrotech model: sy-gpon-1110-wdont scope: eq version: sy-gpon-1110-wdont firmware 3.1.02-231102

Trust: 0.8

vendor: syrotech model: sy-gpon-1110-wdont scope: eq version: -

Trust: 0.8

sources: CNVD: CNVD-2024-34379 // JVNDB: JVNDB-2024-004960 // NVD: CVE-2024-41690

CVSS

SEVERITY

nvd@nist.gov: CVE-2024-41690
value: MEDIUM

Trust: 1.0

vdisclose@cert-in.org.in: CVE-2024-41690
value: HIGH

Trust: 1.0

NVD: CVE-2024-41690
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2024-34379
value: MEDIUM

Trust: 0.6

CVSSV2

CNVD: CNVD-2024-34379
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:C/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2024-41690
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2024-41690
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-34379 // JVNDB: JVNDB-2024-004960 // NVD: CVE-2024-41690 // NVD: CVE-2024-41690

PROBLEMTYPE DATA

problemtype:CWE-312

Trust: 1.0

problemtype: Plaintext storage of important information (CWE-312) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2024-004960 // NVD: CVE-2024-41690

PATCH

title: Patch for SyroTech SY-GPON-1110-WDONT Information Disclosure Vulnerability (CNVD-2024-34379)
url: https://www.cnvd.org.cn/patchInfo/show/575536

Trust: 0.6

sources: CNVD: CNVD-2024-34379

EXTERNAL IDS

db: NVD id: CVE-2024-41690

Trust: 3.2

db: JVNDB id: JVNDB-2024-004960

Trust: 0.8

db: CNVD id: CNVD-2024-34379

Trust: 0.6

sources: CNVD: CNVD-2024-34379 // JVNDB: JVNDB-2024-004960 // NVD: CVE-2024-41690

REFERENCES

url:https://www.cert-in.org.in/s2cmainservlet?pageid=pubvlnotes01&vlcode=civn-2024-0225

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-41690

Trust: 1.4

sources: CNVD: CNVD-2024-34379 // JVNDB: JVNDB-2024-004960 // NVD: CVE-2024-41690

SOURCES

db: CNVD id: CNVD-2024-34379
db: JVNDB id: JVNDB-2024-004960
db: NVD id: CVE-2024-41690

LAST UPDATE DATE

2024-08-16T02:02:17.153000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2024-34379 date: 2024-08-02T00:00:00
db: JVNDB id: JVNDB-2024-004960 date: 2024-08-07T01:08:00
db: NVD id: CVE-2024-41690 date: 2024-08-05T21:06:09.687

SOURCES RELEASE DATE

db: CNVD id: CNVD-2024-34379 date: 2024-08-02T00:00:00
db: JVNDB id: JVNDB-2024-004960 date: 2024-08-07T00:00:00
db: NVD id: CVE-2024-41690 date: 2024-07-26T12:15:03.623