Описание
EPON CPE-WiFi devices 2.0.4-X000 are vulnerable to escalation of privileges by sending cooLogin=1, cooUser=admin, and timestamp=-1 cookies.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:cdatatec:epon_cpe-wifi_devices_firmware:2.0.4-x000:*:*:*:*:*:*:*
Одно из
cpe:2.3:h:cdatatec:fd108bn:-:*:*:*:*:*:*:*
cpe:2.3:h:cdatatec:fd111hz:-:*:*:*:*:*:*:*
cpe:2.3:h:cdatatec:fd111y:-:*:*:*:*:*:*:*
cpe:2.3:h:cdatatec:fd114y:-:*:*:*:*:*:*:*
cpe:2.3:h:cdatatec:fd212gw:-:*:*:*:*:*:*:*
cpe:2.3:h:cdatatec:fd212h:-:*:*:*:*:*:*:*
cpe:2.3:h:cdatatec:fd214gh:-:*:*:*:*:*:*:*
cpe:2.3:h:cdatatec:fd214gw:-:*:*:*:*:*:*:*
cpe:2.3:h:cdatatec:fd404gh:-:*:*:*:*:*:*:*
cpe:2.3:h:cdatatec:fd404gw:-:*:*:*:*:*:*:*
cpe:2.3:h:cdatatec:fd600-104:-:*:*:*:*:*:*:*
cpe:2.3:h:cdatatec:fd600-104g:-:*:*:*:*:*:*:*
cpe:2.3:h:cdatatec:fd600-108f-hz500:-:*:*:*:*:*:*:*
cpe:2.3:h:cdatatec:fd600-111g:-:*:*:*:*:*:*:*
cpe:2.3:h:cdatatec:fd600-111gw:-:*:*:*:*:*:*:*
cpe:2.3:h:cdatatec:fd600-301:-:*:*:*:*:*:*:*
cpe:2.3:h:cdatatec:fd600-301gw:-:*:*:*:*:*:*:*
cpe:2.3:h:cdatatec:fd600-304:-:*:*:*:*:*:*:*
cpe:2.3:h:cdatatec:fd600-304ga-hr500:-:*:*:*:*:*:*:*
cpe:2.3:h:cdatatec:fd600-304ga-hr511:-:*:*:*:*:*:*:*
cpe:2.3:h:cdatatec:fd600-521g:-:*:*:*:*:*:*:*
EPSS
Процентиль: 72%
0.00715
Низкий
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-565
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
EPON CPE-WiFi devices 2.0.4-X000 are vulnerable to escalation of privileges by sending cooLogin=1, cooUser=admin, and timestamp=-1 cookies.
EPSS
Процентиль: 72%
0.00715
Низкий
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-565