Lucene search

CERT-InCVE-2024-2257

HistoryMay 14, 2024 - 3:18 p.m.

CVE-2024-2257

2024-05-1415:18:35

CWE-20

CERT-In

web.nvd.nist.gov

cve-2024-2257

digisol router

password policies

physical access

security threats

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

6.7

Confidence

Low

EPSS

Percentile

9.0%

JSON

This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version : v3.2.02) due to improper implementation of password policies. An attacker with physical access could exploit this by creating password that do not adhere to the defined security standards/policy on the vulnerable system.

Successful exploitation of this vulnerability could allow the attacker to expose the router to potential security threats.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Digisol Router DG-GR1321",
    "vendor": "Digisol",
    "versions": [
      {
        "status": "affected",
        "version": "v3.2.02"
      }
    ]
  }
]

References

www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0158

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

6.7

Confidence

Low

EPSS

Percentile

9.0%

JSON

Related for CVE-2024-2257