VAR-202407-2515
Vulnerability from variot - Updated: 2024-08-15 12:52This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing secure flag for the session cookies associated with the router's web management interface. An attacker with remote access could exploit this by intercepting transmission within an HTTP session on the vulnerable system.
Successful exploitation of this vulnerability could allow the attacker to capture cookies and compromise the targeted system. syrotech of sy-gpon-1110-wdont There are unspecified vulnerabilities in the firmware.Information may be obtained. SyroTech SY-GPON-1110-WDONT is a wireless router from SyroTech. An attacker could exploit this vulnerability to obtain sensitive cookie information and use this information to launch further attacks on the affected system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202407-2515",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sy-gpon-1110-wdont",
"scope": null,
"trust": 1.4,
"vendor": "syrotech",
"version": null
},
{
"model": "sy-gpon-1110-wdont",
"scope": "eq",
"trust": 1.0,
"vendor": "syrotech",
"version": "3.1.02-231102"
},
{
"model": "sy-gpon-1110-wdont",
"scope": "eq",
"trust": 0.8,
"vendor": "syrotech",
"version": null
},
{
"model": "sy-gpon-1110-wdont",
"scope": "eq",
"trust": 0.8,
"vendor": "syrotech",
"version": "sy-gpon-1110-wdont firmware 3.1.02-231102"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-34377"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-004970"
},
{
"db": "NVD",
"id": "CVE-2024-41684"
}
]
},
"cve": "CVE-2024-41684",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2024-34377",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2024-41684",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2024-41684",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-41684",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "vdisclose@cert-in.org.in",
"id": "CVE-2024-41684",
"trust": 1.0,
"value": "Medium"
},
{
"author": "NVD",
"id": "CVE-2024-41684",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2024-34377",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-34377"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-004970"
},
{
"db": "NVD",
"id": "CVE-2024-41684"
},
{
"db": "NVD",
"id": "CVE-2024-41684"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing secure flag for the session cookies associated with the router\u0027s web management interface. An attacker with remote access could exploit this by intercepting transmission within an HTTP session on the vulnerable system. \n\nSuccessful exploitation of this vulnerability could allow the attacker to capture cookies and compromise the targeted system. syrotech of sy-gpon-1110-wdont There are unspecified vulnerabilities in the firmware.Information may be obtained. SyroTech SY-GPON-1110-WDONT is a wireless router from SyroTech. An attacker could exploit this vulnerability to obtain sensitive cookie information and use this information to launch further attacks on the affected system",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-41684"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-004970"
},
{
"db": "CNVD",
"id": "CNVD-2024-34377"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-41684",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2024-004970",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-34377",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-34377"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-004970"
},
{
"db": "NVD",
"id": "CVE-2024-41684"
}
]
},
"id": "VAR-202407-2515",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-34377"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-34377"
}
]
},
"last_update_date": "2024-08-15T12:52:56.188000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for SyroTech SY-GPON-1110-WDONT Information Disclosure Vulnerability (CNVD-2024-34377)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/575526"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-34377"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-614",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-004970"
},
{
"db": "NVD",
"id": "CVE-2024-41684"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.cert-in.org.in/s2cmainservlet?pageid=pubvlnotes01\u0026vlcode=civn-2024-0225"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-41684"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-34377"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-004970"
},
{
"db": "NVD",
"id": "CVE-2024-41684"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-34377"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-004970"
},
{
"db": "NVD",
"id": "CVE-2024-41684"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-08-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-34377"
},
{
"date": "2024-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-004970"
},
{
"date": "2024-07-26T12:15:02.763000",
"db": "NVD",
"id": "CVE-2024-41684"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-08-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-34377"
},
{
"date": "2024-08-08T00:09:00",
"db": "JVNDB",
"id": "JVNDB-2024-004970"
},
{
"date": "2024-08-06T13:25:49.640000",
"db": "NVD",
"id": "CVE-2024-41684"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "syrotech\u00a0 of \u00a0sy-gpon-1110-wdont\u00a0 Firmware vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-004970"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…