CVE-2024-41686

July 26, 2024, 12:38 p.m.

None
No Score

Description

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to improper implementation of password policies. A local attacker could exploit this by creating password that do not adhere to the defined security standards/policy on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to expose the router to potential security threats.

Product(s) Impacted

Product Versions
SyroTech SY-GPON-1110-WDONT Router

Weaknesses

CWE-179
Incorrect Behavior Order: Early Validation
The product validates input before applying protection mechanisms that modify the input, which could allow an attacker to bypass the validation via dangerous inputs that only arise after the modification.

References

https://cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0225

Tags

vdisclose@cert-in.org.in
2024-07-26
CVE-2024-41686
CWE-179

Date

  • Published: July 26, 2024, 12:15 p.m.
  • Last Modified: July 26, 2024, 12:38 p.m.

Status : Undergoing Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

vdisclose@cert-in.org.in

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.