Back

CVE-2024-41692

July 26, 2024, 1:15 p.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

SyroTech SY-GPON-1110-WDONT Router

Source

vdisclose@cert-in.org.in

Tags

vdisclose@cert-in.org.in
2024-07-26
CVE-2024-41692
CWE-1191

CVE-2024-41692 details

Published : July 26, 2024, 1:15 p.m.
Last Modified : July 26, 2024, 1:15 p.m.

Description

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to presence of root terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the root shell on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary commands with root privileges on the targeted system.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description
CWE-1191 On-Chip Debug and Test Interface With Improper Access Control The chip does not implement or does not correctly perform access control to check whether users are authorized to access internal registers and test modes through the physical debug/test interface.

References

URL Source
https://cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0225 vdisclose@cert-in.org.in
This website uses the NVD API, but is not approved or certified by it.