Products
SyroTech SY-GPON-1110-WDONT Router
Source
vdisclose@cert-in.org.in
Tags
CVE-2024-41692 details
Published : July 26, 2024, 1:15 p.m.
Last Modified : July 26, 2024, 1:15 p.m.
Last Modified : July 26, 2024, 1:15 p.m.
Description
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to presence of root terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the root shell on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary commands with root privileges on the targeted system.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|---|---|
CWE-1191 | On-Chip Debug and Test Interface With Improper Access Control | The chip does not implement or does not correctly perform access control to check whether users are authorized to access internal registers and test modes through the physical debug/test interface. |
References
URL | Source |
---|---|
https://cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0225 | vdisclose@cert-in.org.in |
This website uses the NVD API, but is not approved or certified by it.