Lucene search

[email protected]CVE-2024-4232

HistoryMay 14, 2024 - 3:43 p.m.

CVE-2024-4232

2024-05-1415:43:08

CWE-256

[email protected]

web.nvd.nist.gov

digisol router

physical access

exploit

firmware

passwords

unauthorized access

vulnerability

nvd

5.4 Medium

CVSS4

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version : v3.2.02) due to lack of encryption or hashing in storing of passwords within the router’s firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext passwords on the vulnerable system.

Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Digisol Router DG-GR1321",
    "vendor": "Digisol",
    "versions": [
      {
        "status": "affected",
        "version": "v3.2.02"
      }
    ]
  }
]

References

www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0158

5.4 Medium

CVSS4

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2024-4232

vulnrichment1 nvd1 cvelist1