How severe is CVE-2024-4232?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.1 out of 10.

What type of vulnerability is CVE-2024-4232?

This is classified as CWE-256, which is a common weakness in software security.

CVE-2024-4232 - MEDIUM Severity | CVSS 4.1

Vulnerability Description

This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version : v3.2.02) due to lack of encryption or hashing in storing of passwords within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext passwords on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system.

Related Vulnerabilities

CVE-2020-26079

MEDIUM

CVSS:4.1(Medium)

A vulnerability in the web UI of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to obtain hashes of user passwords on an affected device. The vulnerability is due...

CWE-2562020

CVE-2024-45638

MEDIUM

CVSS:4.1(Medium)

IBM Security QRadar 3.12 EDR stores user credentials in plain text which can be read by a local privileged user.

CWE-2562024

CVE-2023-2632

MEDIUM

CVSS:4.3(Medium)

Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permissi...

CWE-2562023

CVE-2023-2633

MEDIUM

CVSS:4.3(Medium)

Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server API keys displayed on the configuration form, increasing the potential for attackers to observe and capture them.

CWE-2562023

CVE-2024-31899

MEDIUM

CVSS:4.3(Medium)

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could disclose highly sensitive user information to an authenticated user with physical access to the device.

CWE-2562024

CVE-2025-31724

MEDIUM

CVSS:4.3(Medium)

Jenkins Cadence vManager Plugin 4.0.0-282.v5096a_c2db_275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users ...

CWE-2562025