CVE-2024-41686

Description

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to improper implementation of password policies. A local attacker could exploit this by creating password that do not adhere to the defined security standards/policy on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to expose the router to potential security threats.

CVSS v3.1 Score

3.3

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Weakness Type (CWE)

CWE-179 CWE-179

Affected Products

Vendor	Product	Versions
syrotech	sy-gpon-1110-wdont_firmware	All
syrotech	sy-gpon-1110-wdont	All

References

Other References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0225 https://cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0225

Frequently Asked Questions

What is CVE-2024-41686? +

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to improper implementation of password policies. A local attacker could exploit this by creating password that do not adhere to the defined security standards/policy on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to expose the router to potential security threats. It has a CVSS v3.1 base score of 3.3 (LOW).

How severe is CVE-2024-41686? +

CVE-2024-41686 has a CVSS v3.1 score of 3.3 out of 10, rated LOW. This is a low-severity vulnerability with limited impact.

What products are affected by CVE-2024-41686? +

CVE-2024-41686 affects products from syrotech, specifically: sy-gpon-1110-wdont, sy-gpon-1110-wdont_firmware. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2024-41686? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-4759 8.3

Versions of the package lockfile-lint-api before 5.9.2 are vulnerable to Incorrect Behavior Order: Early Validation via the resolved attribute of …

CVE-2026-3832 3.7

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate …

CVE-2025-63729 9.0

An issue was discovered in Syrotech SY-GPON-1110-WDONT SYRO_3.7L_3.1.02-240517 allowing attackers to exctract the SSL Private Key, CA Certificate, SSL Certificate, …

CVE-2024-41685 7.5

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing HTTPOnly flag for the session cookies associated with the router's …

CVE-2024-41687 7.5

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to transmission of password in plain text. A remote attacker could exploit …

CVE-2024-41684 5.3

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing secure flag for the session cookies associated with the router's …