CVE-2024-42657 - Vulnerability Details - OpenCVE

An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain sensitive information via the lack of encryption during login process

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Nepstech	Ntpl-xpon1gfevn Ntpl-xpon1gfevn Firmware

Configuration 1 [-]

AND

cpe:2.3:o:nepstech:ntpl-xpon1gfevn_firmware:1.0:*:*:*:*:*:*:*

cpe:2.3:h:nepstech:ntpl-xpon1gfevn:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/sudo-subho/CVE-2024-42657
https://www.linkedin.com/in/subhodeep-baroi-397629252/
https://x.com/sudo_subho

History

Tue, 20 Aug 2024 16:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Nepstech ntpl-xpon1gfevn
Weaknesses		CWE-311
CPEs		cpe:2.3:h:nepstech:ntpl-xpon1gfevn:-:::::::* cpe:2.3:o:nepstech:ntpl-xpon1gfevn_firmware:1.0:::::::*
Vendors & Products		Nepstech ntpl-xpon1gfevn

Tue, 20 Aug 2024 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Nepstech Nepstech ntpl-xpon1gfevn Firmware
Weaknesses		CWE-200
CPEs		cpe:2.3:o:nepstech:ntpl-xpon1gfevn_firmware::::::::
Vendors & Products		Nepstech Nepstech ntpl-xpon1gfevn Firmware
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 19 Aug 2024 17:00:00 +0000

Type	Values Removed	Values Added
Description		An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain sensitive information via the lack of encryption during login process
References		https://github.com/sudo-subho/CVE-2024-42657 https://www.linkedin.com/in/subhodeep-baroi-397629252/ https://x.com/sudo_subho

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-08-19T00:00:00

Updated: 2024-08-20T14:38:56.625Z

Reserved: 2024-08-05T00:00:00

Link: CVE-2024-42657

Vulnrichment

Updated: 2024-08-20T14:38:43.872Z

NVD

Status : Analyzed

Published: 2024-08-19T17:15:07.967

Modified: 2024-08-20T16:13:12.413

Link: CVE-2024-42657

Redhat

No data.

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-42657", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-20T14:38:56.625Z", "dateReserved": "2024-08-05T00:00:00", "datePublished": "2024-08-19T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-08-19T16:50:26.883211"}, "descriptions": [{"lang": "en", "value": "An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain sensitive information via the lack of encryption during login process"}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.linkedin.com/in/subhodeep-baroi-397629252/"}, {"url": "https://x.com/sudo_subho"}, {"url": "https://github.com/sudo-subho/CVE-2024-42657"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-200", "lang": "en", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "affected": [{"vendor": "nepstech", "product": "ntpl-xpon1gfevn_firmware", "cpes": ["cpe:2.3:o:nepstech:ntpl-xpon1gfevn_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "v1.0", "status": "affected"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-20T14:33:06.855564Z", "id": "CVE-2024-42657", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-20T14:38:56.625Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-42657", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-20T14:33:06.855564Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:nepstech:ntpl-xpon1gfevn_firmware:*:*:*:*:*:*:*:*"], "vendor": "nepstech", "product": "ntpl-xpon1gfevn_firmware", "versions": [{"status": "affected", "version": "v1.0"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-20T14:38:43.872Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.linkedin.com/in/subhodeep-baroi-397629252/"}, {"url": "https://x.com/sudo_subho"}, {"url": "https://github.com/sudo-subho/CVE-2024-42657"}], "descriptions": [{"lang": "en", "value": "An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain sensitive information via the lack of encryption during login process"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-08-19T16:50:26.883211"}}}, "cveMetadata": {"cveId": "CVE-2024-42657", "state": "PUBLISHED", "dateUpdated": "2024-08-20T14:38:56.625Z", "dateReserved": "2024-08-05T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-08-19T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nepstech:ntpl-xpon1gfevn_firmware:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "521E8573-BFA6-434E-BFDF-EE8CC1266D2F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nepstech:ntpl-xpon1gfevn:-:*:*:*:*:*:*:*", "matchCriteriaId": "8FF39747-D23D-4C7F-8EB2-E5BB7441877C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain sensitive information via the lack of encryption during login process"}, {"lang": "es", "value": "Un problema en el enrutador Wifi Wishnet Nepstech NTPL-XPON1GFEVN v1.0 permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s de la falta de cifrado durante el proceso de inicio de sesi\u00f3n."}], "id": "CVE-2024-42657", "lastModified": "2024-08-20T16:13:12.413", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-08-19T17:15:07.967", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/sudo-subho/CVE-2024-42657"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.linkedin.com/in/subhodeep-baroi-397629252/"}, {"source": "cve@mitre.org", "tags": ["Permissions Required"], "url": "https://x.com/sudo_subho"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-311"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}