Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-41691— Insecure Storage of Sensitive Information Vulnerability

EPSS 0.06% · P18
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-41691

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Insecure Storage of Sensitive Information Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storing of FTP credentials in plaintext within the SquashFS-root filesystem associated with the router's firmware. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext FTP credentials from the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the FTP server associated with the targeted system.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
敏感数据的明文存储
Source: NVD (National Vulnerability Database)
Vulnerability Title
SyroTech SY-GPON-1110-WDONT 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
SyroTech SY-GPON-1110-WDONT是SyroTech公司的一款无线路由器。 SyroTech SY-GPON-1110-WDONT 存在安全漏洞,该漏洞源于路由器固件关联的 SquashFS-root 文件系统中以纯文本形式存储了 FTP 凭据。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
SyroTechSyroTech SY-GPON-1110-WDONT router 3.1.02-231102 -

II. Public POCs for CVE-2024-41691

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2024-41691

登录查看更多情报信息。

Same Patch Batch · SyroTech · 2024-07-26 · 9 CVEs total

CVE-2024-41688Cleartext Storage of Sensitive Information Vulnerability
CVE-2024-41687Cleartext Transmission of Sensitive Information Vulnerability
CVE-2024-41684Cookie Without Secure Flag Set Vulnerability
CVE-2024-41685Cookie Without HTTPOnly Flag Set Vulnerability
CVE-2024-41686Password Policy Bypass Vulnerability
CVE-2024-41689Hard-coded Credentials Vulnerability
CVE-2024-41690Default Credential Storage in Plaintext Vulnerability
CVE-2024-41692Incorrect Access Control Vulnerability

IV. Related Vulnerabilities

Same product: SyroTech SY-GPON-1110-WDONT router
Same vendor: SyroTech
Same weakness: CWE-312

V. Comments for CVE-2024-41691

No comments yet

Leave a comment