Undergoing Analysis
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Products
SyroTech SY-GPON-1110-WDONT Router
Source
vdisclose@cert-in.org.in
Tags
CVE-2024-41686 details
Published : July 26, 2024, 12:15 p.m.
Last Modified : July 26, 2024, 12:38 p.m.
Last Modified : July 26, 2024, 12:38 p.m.
Description
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to improper implementation of password policies. A local attacker could exploit this by creating password that do not adhere to the defined security standards/policy on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to expose the router to potential security threats.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-179 | Incorrect Behavior Order: Early Validation | The product validates input before applying protection mechanisms that modify the input, which could allow an attacker to bypass the validation via dangerous inputs that only arise after the modification. |
References
| URL | Source |
|---|---|
| https://cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0225 | vdisclose@cert-in.org.in |
This website uses the NVD API, but is not approved or certified by it.