CVE-2024-4232 MEDIUM

CVE-2024-4232: Password Storage in Plaintext Vulnerability in Digisol Router

Vendor Digisol
Product Digisol Router DG-GR1321
Weakness CWE-256
Published May 10, 2024
Last update August 1, 2024

CVSS base score

5.4/10
Attack vector Physical
Attack complexity High
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version : v3.2.02) due to lack of encryption or hashing in storing of passwords within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext passwords on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system.

Key dates

02Disclosure timeline

May 10, 2024 CVE published
August 1, 2024 Record updated