CVE-2024-4232

MEDIUM

Digisol Router <3.2.02 - Info Disclosure

Title source: llm

Description

This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version : v3.2.02) due to lack of encryption or hashing in storing of passwords within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext passwords on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system.

Exploits (2)

nomisec STUB

by Redfox-Security · poc

https://github.com/Redfox-Security/Digisol-DG--GR1321-s-Password-Storage-in-Plaintext--CVE-2024-4232

View Code ZIP pw:eip

nomisec STUB

by Redfox-Security · poc

https://github.com/Redfox-Security/Digisol-DG-GR1321-s-Password-Storage-in-Plaintext-CVE-2024-4232

View Code ZIP pw:eip

References (1)

[Various Sources] https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0158

Scores

CVSS v3 4.1

EPSS 0.0237

EPSS Percentile 85.0%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-256

Status published

Products (1)

Digisol/Digisol Router DG-GR1321 v3.2.02

Published May 14, 2024

Tracked Since Feb 18, 2026