Описание
Inteno routers have a JUCI ACL misconfiguration that allows the "user" account to read files, write to files, and add root SSH keys via JSON commands to ubus. (Exploitation is sometimes easy because the "user" password might be "user" or might match the Wi-Fi key.)
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:intenogroup:inteno_router_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intenogroup:inteno_router:-:*:*:*:*:*:*:*
EPSS
Процентиль: 69%
0.00606
Низкий
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-269
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
Inteno routers have a JUCI ACL misconfiguration that allows the "user" account to read files, write to files, and add root SSH keys via JSON commands to ubus. (Exploitation is sometimes easy because the "user" password might be "user" or might match the Wi-Fi key.)
EPSS
Процентиль: 69%
0.00606
Низкий
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-269