CVE Vulnerabilities

CVE-2024-41686

Incorrect Behavior Order: Early Validation

Published: Jul 26, 2024 | Modified: Nov 21, 2024
CVSS 3.x
3.3
LOW
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to improper implementation of password policies. A local attacker could exploit this by creating password that do not adhere to the defined security standards/policy on the vulnerable system.

Successful exploitation of this vulnerability could allow the attacker to expose the router to potential security threats.

Weakness

The product validates input before applying protection mechanisms that modify the input, which could allow an attacker to bypass the validation via dangerous inputs that only arise after the modification.

Affected Software

Name Vendor Start Version End Version
Sy-gpon-1110-wdont_firmware Syrotech 3.1.02-231102 (including) 3.1.02-231102 (including)

Potential Mitigations

References