CVE-2024-2257 (GCVE-0-2024-2257)

Vulnerability from cvelistv5 – Published: 2024-05-10 13:26 – Updated: 2024-08-01 19:03
VLAI?
Summary
This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version : v3.2.02) due to improper implementation of password policies. An attacker with physical access could exploit this by creating password that do not adhere to the defined security standards/policy on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to expose the router to potential security threats.
Severity ?
9.1 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CWE
  • CWE-20 - Improper Input Validation
Assigner
References
Impacted products
Vendor Product Version
Digisol Digisol Router DG-GR1321 Affected: v3.2.02
Create a notification for this product.
Credits
This vulnerability is discovered by Shravan Singh, Ganesh Bakare and Karan Patel from Redfox Cyber Security Inc, Toronto, Canada.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:digisol:dg-gr1321_firmware:3.2.02:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "dg-gr1321_firmware",
            "vendor": "digisol",
            "versions": [
              {
                "status": "affected",
                "version": "3.2.02"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-2257",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-15T15:23:51.477709Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-24T17:18:02.588Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:03:39.410Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2024-0158"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Digisol Router DG-GR1321",
          "vendor": "Digisol",
          "versions": [
            {
              "status": "affected",
              "version": "v3.2.02"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "This vulnerability is discovered by Shravan Singh, Ganesh Bakare and Karan Patel from Redfox Cyber Security Inc, Toronto, Canada."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThis vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L;  Firmware version : v3.2.02) due to improper implementation of password policies. An attacker with physical access could exploit this by creating password that do not adhere to the defined security standards/policy on the vulnerable system.\u003c/p\u003e\u003cp\u003eSuccessful exploitation of this vulnerability could allow the attacker to expose the router to potential security threats.\u003c/p\u003e"
            }
          ],
          "value": "This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L;  Firmware version : v3.2.02) due to improper implementation of password policies. An attacker with physical access could exploit this by creating password that do not adhere to the defined security standards/policy on the vulnerable system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to expose the router to potential security threats."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-05T12:13:59.577Z",
        "orgId": "66834db9-ab24-42b4-be80-296b2e40335c",
        "shortName": "CERT-In"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2024-0158"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Upgrade Digisol Router firmware to version v3.1.02-240311.\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.digisol.com/firmware/\"\u003ehttps://www.digisol.com/firmware/\u003c/a\u003e\u003cbr\u003e"
            }
          ],
          "value": "Upgrade Digisol Router firmware to version v3.1.02-240311.\n https://www.digisol.com/firmware/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Password Policy Bypass Vulnerability in Digisol Router",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c",
    "assignerShortName": "CERT-In",
    "cveId": "CVE-2024-2257",
    "datePublished": "2024-05-10T13:26:08.205Z",
    "dateReserved": "2024-03-07T09:46:47.485Z",
    "dateUpdated": "2024-08-01T19:03:39.410Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L;  Firmware version : v3.2.02) due to improper implementation of password policies. An attacker with physical access could exploit this by creating password that do not adhere to the defined security standards/policy on the vulnerable system.\\n\\nSuccessful exploitation of this vulnerability could allow the attacker to expose the router to potential security threats.\"}, {\"lang\": \"es\", \"value\": \"Esta vulnerabilidad existe en Digisol Router (DG-GR1321: versi\\u00f3n de hardware 3.7L; versi\\u00f3n de firmware: v3.2.02) debido a una implementaci\\u00f3n incorrecta de las pol\\u00edticas de contrase\\u00f1a. Un atacante con acceso f\\u00edsico podr\\u00eda aprovechar esto creando una contrase\\u00f1a que no cumpla con los est\\u00e1ndares/pol\\u00edticas de seguridad definidos en el sistema vulnerable. La explotaci\\u00f3n exitosa de esta vulnerabilidad podr\\u00eda permitir al atacante exponer el enrutador a posibles amenazas a la seguridad.\"}]",
      "id": "CVE-2024-2257",
      "lastModified": "2024-11-21T09:09:21.760",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 9.1, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.2}]}",
      "published": "2024-05-14T15:18:35.380",
      "references": "[{\"url\": \"https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2024-0158\", \"source\": \"vdisclose@cert-in.org.in\"}, {\"url\": \"https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2024-0158\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "vdisclose@cert-in.org.in",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"vdisclose@cert-in.org.in\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-2257\",\"sourceIdentifier\":\"vdisclose@cert-in.org.in\",\"published\":\"2024-05-14T15:18:35.380\",\"lastModified\":\"2024-11-21T09:09:21.760\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L;  Firmware version : v3.2.02) due to improper implementation of password policies. An attacker with physical access could exploit this by creating password that do not adhere to the defined security standards/policy on the vulnerable system.\\n\\nSuccessful exploitation of this vulnerability could allow the attacker to expose the router to potential security threats.\"},{\"lang\":\"es\",\"value\":\"Esta vulnerabilidad existe en Digisol Router (DG-GR1321: versi\u00f3n de hardware 3.7L; versi\u00f3n de firmware: v3.2.02) debido a una implementaci\u00f3n incorrecta de las pol\u00edticas de contrase\u00f1a. Un atacante con acceso f\u00edsico podr\u00eda aprovechar esto creando una contrase\u00f1a que no cumpla con los est\u00e1ndares/pol\u00edticas de seguridad definidos en el sistema vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante exponer el enrutador a posibles amenazas a la seguridad.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"vdisclose@cert-in.org.in\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"references\":[{\"url\":\"https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2024-0158\",\"source\":\"vdisclose@cert-in.org.in\"},{\"url\":\"https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2024-0158\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2024-0158\", \"tags\": [\"third-party-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T19:03:39.410Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-2257\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-05-15T15:23:51.477709Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:digisol:dg-gr1321_firmware:3.2.02:*:*:*:*:*:*:*\"], \"vendor\": \"digisol\", \"product\": \"dg-gr1321_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.2.02\"}], \"defaultStatus\": \"unaffected\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-15T15:23:29.081Z\"}}], \"cna\": {\"title\": \"Password Policy Bypass Vulnerability in Digisol Router\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"This vulnerability is discovered by Shravan Singh, Ganesh Bakare and Karan Patel from Redfox Cyber Security Inc, Toronto, Canada.\"}], \"affected\": [{\"vendor\": \"Digisol\", \"product\": \"Digisol Router DG-GR1321\", \"versions\": [{\"status\": \"affected\", \"version\": \"v3.2.02\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Upgrade Digisol Router firmware to version v3.1.02-240311.\\n https://www.digisol.com/firmware/\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Upgrade Digisol Router firmware to version v3.1.02-240311.\u003cbr\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.digisol.com/firmware/\\\"\u003ehttps://www.digisol.com/firmware/\u003c/a\u003e\u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2024-0158\", \"tags\": [\"third-party-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L;  Firmware version : v3.2.02) due to improper implementation of password policies. An attacker with physical access could exploit this by creating password that do not adhere to the defined security standards/policy on the vulnerable system.\\n\\nSuccessful exploitation of this vulnerability could allow the attacker to expose the router to potential security threats.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eThis vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L;  Firmware version : v3.2.02) due to improper implementation of password policies. An attacker with physical access could exploit this by creating password that do not adhere to the defined security standards/policy on the vulnerable system.\u003c/p\u003e\u003cp\u003eSuccessful exploitation of this vulnerability could allow the attacker to expose the router to potential security threats.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20 Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"66834db9-ab24-42b4-be80-296b2e40335c\", \"shortName\": \"CERT-In\", \"dateUpdated\": \"2024-06-05T12:13:59.577Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-2257\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-01T19:03:39.410Z\", \"dateReserved\": \"2024-03-07T09:46:47.485Z\", \"assignerOrgId\": \"66834db9-ab24-42b4-be80-296b2e40335c\", \"datePublished\": \"2024-05-10T13:26:08.205Z\", \"assignerShortName\": \"CERT-In\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.