CVE-2024-2257

Password Policy Bypass Vulnerability in Digisol Router

Description

This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version : v3.2.02) due to improper implementation of password policies. An attacker with physical access could exploit this by creating password that do not adhere to the defined security standards/policy on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to expose the router to potential security threats.

Remediation

Solution:

Upgrade Digisol Router firmware to version v3.1.02-240311. https://www.digisol.com/firmware/

References

Link	Tags
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0158	third party advisory

Frequently Asked Questions

What is the severity of CVE-2024-2257?: CVE-2024-2257 has been scored as a critical severity vulnerability.
How to fix CVE-2024-2257?: To fix CVE-2024-2257: Upgrade Digisol Router firmware to version v3.1.02-240311. https://www.digisol.com/firmware/
Is CVE-2024-2257 being actively exploited in the wild?: It is possible that CVE-2024-2257 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~4% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-2257?: CVE-2024-2257 affects Digisol Digisol Router DG-GR1321.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Remediation

Category

CWE-20 – Improper Input Validation

References

Frequently Asked Questions