CVE-2024-4231

Incorrect Access Control Vulnerability in Digisol Router

Description

This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version : v3.2.02) due to presence of root terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by identifying UART pins and accessing the root shell on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to access the sensitive information on the targeted system.

Remediation

Solution:

Upgrade Digisol Router firmware to version v3.1.02-240311. https://www.digisol.com/firmware/

References

Link	Tags
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0158	third party advisory

Frequently Asked Questions

What is the severity of CVE-2024-4231?: CVE-2024-4231 has been scored as a medium severity vulnerability.
How to fix CVE-2024-4231?: To fix CVE-2024-4231: Upgrade Digisol Router firmware to version v3.1.02-240311. https://www.digisol.com/firmware/
Is CVE-2024-4231 being actively exploited in the wild?: It is possible that CVE-2024-4231 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~2% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-4231?: CVE-2024-4231 affects Digisol Digisol Router DG-GR1321.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Remediation

Category

CWE-1191 – On-Chip Debug and Test Interface With Improper Access Control

References

Frequently Asked Questions