CVE-2024-41689 MEDIUM

CVE-2024-41689: Hard-coded Credentials Vulnerability

Vendor Syrotech
Product SyroTech SY-GPON-1110-WDONT router
Weakness CWE-798 · Hardcoded credentials
Published July 26, 2024
Last update August 2, 2024

CVSS base score

5.2/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to unencrypted storing of WPA/ WPS credentials within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext WPA/ WPS credentials on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to bypass WPA/ WPS and gain access to the Wi-Fi network of the targeted system.

Key dates

02Disclosure timeline

July 26, 2024 CVE published
August 2, 2024 Record updated