Password Storage in Plaintext Vulnerability in Digisol Router
CVE-2024-4232

Currently unrated

Key Information:

Vendor: Digisol
Status: Digisol Router Dg-gr1321
Vendor: CVE Published:; 14 May 2024

What is CVE-2024-4232?

This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version : v3.2.02) due to lack of encryption or hashing in storing of passwords within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext passwords on the vulnerable system.

Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system.

Affected Version(s)

Digisol Router DG-GR1321 v3.2.02

References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOT...

third-party-advisory

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2024
Vulnerability Reserved
Apr 26, 2024

Credit

This vulnerability is discovered by Shravan Singh, Ganesh Bakare and Karan Patel from Redfox Cyber Security Inc, Toronto, Canada.