CERT-In Vulnerability Note
CIVN-2024-0225
Multiple Vulnerabilities in SyroTech Router
Original Issue Date: July 26, 2024
Severity Rating: MEDIUM
Systems Affected
- SyroTech SY-GPON-1110-WDONT router: Hardware version 3.7L; Firmware version 3.1.02-231102
Overview
Multiple vulnerabilities have been reported in SyroTech SY-GPON-1110-WDONT Router, which could allow an attacker to obtain sensitive information and gain unauthorized access on the targeted system.
Description
1. Cookie Without Secure Flag Set Vulnerability (CVE-2024-41684)
This vulnerability exists in SyroTech Router due to a missing Secure flag on the session cookies associated with the router's web management interface. An attacker with remote access could exploit this by intercepting transmission within an HTTP session on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to capture cookies and compromise the targeted system.
2. Cookie Without HTTPOnly Flag Set Vulnerability (CVE-2024-41685)
This vulnerability exists in SyroTech Router due to a missing HTTPOnly flag on the session cookies associated with the router's web management interface. An attacker with remote access could exploit this by intercepting transmission within an HTTP session on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to capture cookies and obtain sensitive information on the targeted system.
3. Password Policy Bypass Vulnerability (CVE-2024-41686)
This vulnerability exists in SyroTech Router due to improper implementation of password policies. A privileged attacker could exploit this by creating passwords that do not adhere to the defined security standards/policy on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to expose the router to potential security threats.
4. Cleartext Transmission of Sensitive Information Vulnerability (CVE-2024-41687)
This vulnerability exists in SyroTech Router due to transmission of password in plain text. A remote attacker could exploit this vulnerability by intercepting transmission within an HTTP session on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system.
5. Cleartext Storage of Sensitive Information Vulnerability (CVE-2024-41688)
This vulnerability exists in SyroTech Router due to lack of encryption in the storage of usernames and passwords within the router's firmware/database. An attacker with physical access could exploit this by extracting the firmware and reverse engineering the binary data to access the plaintext credentials on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system.
6. Hard-coded Credentials Vulnerability (CVE-2024-41689)
This vulnerability exists in SyroTech Router due to unencrypted storage of WPA/WPS credentials within the router's firmware/database. An attacker with physical access could exploit this by extracting the firmware and reverse engineering the binary data to access the plaintext WPA/WPS credentials on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to bypass WPA/WPS and gain access to the Wi-Fi network of the targeted system.
7. Default Credential Storage in Plaintext Vulnerability (CVE-2024-41690)
This vulnerability exists in SyroTech Router due to storage of the default username and password credentials in plaintext within the router's firmware/database. An attacker with physical access could exploit this by extracting the firmware and reverse engineering the binary data to access the plaintext default credentials on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system.
8. Insecure Storage of Sensitive Information Vulnerability (CVE-2024-41691)
This vulnerability exists in SyroTech Router due to storage of FTP credentials in plaintext within the SquashFS-root filesystem associated with the router's firmware. An attacker with physical access could exploit this by extracting the firmware and reverse engineering the binary data to access the plaintext FTP credentials from the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the FTP server associated with the targeted system.
9. Incorrect Access Control Vulnerability (CVE-2024-41692)
This vulnerability exists in SyroTech Router due to presence of root terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the root shell on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary commands with root privileges on the targeted system.
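For items 1 and 2 above, a defender can confirm whether a web management interface sets the Secure and HttpOnly attributes by auditing the Set-Cookie headers of a captured response. The following is an added example, not part of the CERT-In note or any vendor tooling; the sample response, cookie names and values are constructed for illustration.

```python
"""Added example: flag cookies lacking Secure / HttpOnly in a captured HTTP response."""

REQUIRED_FLAGS = ("secure", "httponly")

# Constructed sample response; cookie names and values are illustrative only.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: SESSIONID=abc123; Path=/\r\n"
    "set-cookie: token=xyz; Path=/; HttpOnly\r\n"
    "Set-Cookie: lang=secure; Path=/\r\n"
    "Set-Cookie: hardened=1; Path=/; Secure; HTTPONLY; SameSite=Strict\r\n"
    "\r\n"
    "<html>Set-Cookie: body=ignored</html>"
)


def extract_set_cookie(raw_response):
    """Return the values of all Set-Cookie headers (header block only)."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    values = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "set-cookie":
            values.append(value.strip())
    return values


def parse_cookie(value):
    """Split one Set-Cookie value into (cookie name, set of attribute names)."""
    pair, *attributes = value.split(";")
    name = pair.split("=", 1)[0].strip()
    # Only attribute names count; a cookie *value* of "secure" is not the flag.
    attrs = {a.split("=", 1)[0].strip().lower() for a in attributes if a.strip()}
    return name, attrs


def audit_response(raw_response):
    """Map each cookie name to the required flags it is missing."""
    findings = {}
    for value in extract_set_cookie(raw_response):
        name, attrs = parse_cookie(value)
        missing = [f for f in REQUIRED_FLAGS if f not in attrs]
        if missing:
            findings[name] = missing
    return findings


if __name__ == "__main__":
    for cookie, missing in audit_response(SAMPLE_RESPONSE).items():
        print(f"{cookie}: missing {', '.join(missing)}")
```

Attribute names are matched case-insensitively, and text in the response body or in a cookie's value is not mistaken for a flag.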
Credit
These vulnerabilities were discovered by Shravan Singh, Rahul Giri, & Karan Patel from Redfox Cyber Security Inc, Toronto, Canada.
Solution
Upgrade SyroTech SY-GPON-1110-WDONT Router firmware to patched version 3.1.02-240517
http://drive.google.com/file/d/1JQc3AkJm69mV0kg2c-b-zzaojc87Rru9/view
Vendor Information
Syrotech Networks
http://drive.google.com/file/d/1JQc3AkJm69mV0kg2c-b-zzaojc87Rru9/view
References
Syrotech Networks
https://www.syrotech.comhb/firmwares
CVE Name
CVE-2024-41684
CVE-2024-41685
CVE-2024-41686
CVE-2024-41687
CVE-2024-41688
CVE-2024-41689
CVE-2024-41690
CVE-2024-41691
CVE-2024-41692
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-22902657
Postal address
Indian Computer Emergency Response Team (CERT-In) Ministry of Electronics and Information Technology Government of India Electronics Niketan 6, CGO Complex, Lodhi Road, New Delhi - 110 003 India