CVE-2024-41689: Hard-coded Credentials Vulnerability
First published: Fri Jul 26 2024(Updated: )
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to unencrypted storing of WPA/ WPS credentials within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext WPA/ WPS credentials on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to bypass WPA/ WPS and gain access to the Wi-Fi network of the targeted system.
Credit: vdisclose@cert-in.org.in
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Syrotech Sy-gpon-1110-wdont Firmware | =3.1.02-231102 | |
| SyroTech SY-GPON-1110-WDONT |
Remedy
Upgrade SyroTech SY-GPON-1110-WDONT Router firmware to patched version 3.1.02-240517 http://drive.google.com/file/d/1JQc3AkJm69mV0kg2c-b-zzaojc87Rru9/view
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
- agent/remedy
- agent/title
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/syrotech
- canonical/syrotech sy-gpon-1110-wdont firmware
- version/syrotech sy-gpon-1110-wdont firmware/3.1.02-231102
- canonical/syrotech sy-gpon-1110-wdont