CVE-2024-41692

July 26, 2024, 1:15 p.m.

Tags

vdisclose@cert-in.org.in
2024-07-26
CVE-2024-41692
CWE-1191

Product(s) Impacted

SyroTech SY-GPON-1110-WDONT Router

Description

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to presence of root terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the root shell on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary commands with root privileges on the targeted system.

Weaknesses

CWE-1191
On-Chip Debug and Test Interface With Improper Access Control

The chip does not implement or does not correctly perform access control to check whether users are authorized to access internal registers and test modes through the physical debug/test interface.

CWE ID: 1191

Date

Published: July 26, 2024, 1:15 p.m.

Last Modified: July 26, 2024, 1:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

vdisclose@cert-in.org.in

References

https://cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0225
vdisclose@cert-in.org.in