Products
Hathway Skyworth Router CM5100
- 4.1.1.24
Source
cve@mitre.org
Tags
CVE-2024-44815 details
Published : Sept. 10, 2024, 4:15 p.m.
Last Modified : Sept. 10, 2024, 10:15 p.m.
Last Modified : Sept. 10, 2024, 10:15 p.m.
Description
Vulnerability in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physically proximate attacker to obtain user credentials via SPI flash Firmware W25Q64JV.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8.0 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|---|---|
CWE-256 | Plaintext Storage of a Password | Storing a password in plaintext may result in a system compromise. |
CVSS Data
Attack Vector
ADJACENT_NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
Base Score
8.0
Exploitability Score
1.6
Impact Score
5.8
Base Severity
HIGH
Vector String : CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:H
References
URL | Source |
---|---|
https://github.com/nitinronge91/Extracting-User-credentials-For-Web-portal-and-WiFi-AP-For-Hathway-Router-CVE-2024-44815- | cve@mitre.org |
This website uses the NVD API, but is not approved or certified by it.