CERT-In Alert for Routers: Computer Emergency Response Team (CERT-In) has issued an alert for Digisol Wi-Fi routers. The government team says that many flaws have been seen in the firmware of Digisol routers, due to which hackers can target the system and obtain sensitive information.
An advisory has also been issued by CERT-In regarding this. According to the advisory, CERT-In has found three major flaws in Digisol Router.
Three major flaws found in Digisol Router
Password Policy Bypass Vulnerability (CVE-2024-2257)
The first major flaw is regarding the password policy, regarding which it has been said that a hacker can take advantage of it by creating a password through physical access. Due to this, there is a possibility of a potential threat getting access through the router.
Incorrect Access Control Vulnerability (CVE-2024-4231)
Apart from this, the advisory states that an attacker with physical access can take advantage of this by identifying the UART PIN and accessing the root shell on vulnerable systems. Which may allow him to access sensitive information on the targeting system.
Password Storage in Plaintext Vulnerability (CVE-2024-4232)
The third major drawback is due to the lack of encryption or hashing in storing the password. In this, hackers can take advantage of firmware and reverse engineer binary data to access plaintext passwords on vulnerable systems. According to the report, Digisol router DG-GR1321, hardware version 3.7L, firmware version v3.2.02 is affected by these flaws.
These users were also warned
In the advisory, users have been advised to download and install the latest firmware for the router. Apart from routers, CERT-In has also issued a warning for Apple iTunes and Google Chrome users. Regarding its flaws, it has been told that hackers can target users through the entry of malware in the device. Due to this, both Chrome desktop users and Apple iTunes users need to be cautious.
It has been said in this advisory that those who are using version 124.0.6367.201/.202 for Windows, they need to be cautious. Besides, an alert has also been issued to those users who are using 124.0.6367.201 for Linux.
Also read:-
Smartwatch is available free with phone with 108MP camera, price is less than Rs 10 thousand