How severe is CVE-2024-41688?

This vulnerability has a severity rating of HIGH with a CVSS score of 4.6 out of 10.

What type of vulnerability is CVE-2024-41688?

This is classified as CWE-312, which is a common weakness in software security.

CVE-2024-41688 - HIGH Severity | CVSS 4.6

Vulnerability Description

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due lack of encryption in storing of usernames and passwords within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext credentials on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system.

Related Vulnerabilities

CVE-2019-14886

MEDIUM

CVSS:4.6(Medium)

A vulnerability was found in business-central, as shipped in rhdm-7.5.1 and rhpam-7.5.1, where encoded passwords are stored in errai_security_context. The encoding used for storing the passwords is Ba...

CWE-3122019

CVE-2020-36248

MEDIUM

CVSS:4.6(Medium)

The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this...

CWE-3122020

CVE-2021-25692

MEDIUM

CVSS:4.6(Medium)

Sensitive smart card data is logged in default INFO logs by Teradici's PCoIP Connection Manager and Security Gateway prior to version 21.01.3.

CWE-3122021

CVE-2022-20660

MEDIUM

CVSS:4.6(Medium)

A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. T...

CWE-3122022

CVE-2022-24120

MEDIUM

CVSS:4.6(Medium)

Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0.

CWE-3122022

CVE-2022-41740

MEDIUM

CVSS:4.6(Medium)

IBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to the system to obtain highly sensitive information from system memory. IBM X-Force ID: 238053.

CWE-3122022