CVE-2024-41686 HIGH

CVE-2024-41686: Password Policy Bypass Vulnerability

Vendor Syrotech
Product SyroTech SY-GPON-1110-WDONT router
Weakness CWE-179
Published July 26, 2024
Last update August 2, 2024

CVSS base score

7.3/10
Attack vector Adjacent
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to improper implementation of password policies. A local attacker could exploit this by creating password that do not adhere to the defined security standards/policy on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to expose the router to potential security threats.

Key dates

02Disclosure timeline

July 26, 2024 CVE published
August 2, 2024 Record updated