8.6
CVE-2024-41692
- EPSS 0.27%
- Veröffentlicht 26.07.2024 13:15:09
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle vdisclose@cert-in.org.in
- CVE-Watchlists
- Unerledigt
Incorrect Access Control Vulnerability
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to presence of root terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the root shell on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary commands with root privileges on the targeted system.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellersyrotech
≫
Produkt
sy-gpon-1110-wdont_firmware
Default Statusunknown
Version
3.1.02-231102
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.27% | 0.185 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| vdisclose@cert-in.org.in | 8.6 | 0 | 0 |
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-1191 On-Chip Debug and Test Interface With Improper Access Control
The chip does not implement or does not correctly perform access control to check whether users are authorized to access internal registers and test modes through the physical debug/test interface.
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0225
https://cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0225