Vulnerability Description
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storing of FTP credentials in plaintext within the SquashFS-root filesystem associated with the router's firmware. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext FTP credentials from the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the FTP server associated with the targeted system.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Syrotech | Sy-Gpon-1110-Wdont Firmware | 3.1.02-231102 |
| Syrotech | Sy-Gpon-1110-Wdont | - |
Related Weaknesses (CWE)
References
- https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0Third Party Advisory
- https://cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0225
FAQ
What is CVE-2024-41691?
CVE-2024-41691 is a vulnerability with a CVSS score of 4.6 (MEDIUM). This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storing of FTP credentials in plaintext within the SquashFS-root filesystem associated with the router's firmware. An attacker wi...
How severe is CVE-2024-41691?
CVE-2024-41691 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-41691?
Check the references section above for vendor advisories and patch information. Affected products include: Syrotech Sy-Gpon-1110-Wdont Firmware, Syrotech Sy-Gpon-1110-Wdont.