CVE-2020-26201

Опубликовано: 10 дек. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak password at the Operating System (rlx-linux) level. This allows an attacker to gain unauthorized access as an admin or root user to the device Operating System via Telnet or SSH.

Ссылки

https://medium.com/csg-govtech/bolstering-security-how-i-breached-a-wifi-mesh-access-point-from-close-proximity-to-uncover-f8f77dc3cd5d
Exploit
Third Party Advisory
https://www.askey.com.tw/
Vendor Advisory
https://www.askey.com.tw/incident_report_notifications.html
Broken Link
Vendor Advisory
https://medium.com/csg-govtech/bolstering-security-how-i-breached-a-wifi-mesh-access-point-from-close-proximity-to-uncover-f8f77dc3cd5d
Exploit
Third Party Advisory
https://www.askey.com.tw/
Vendor Advisory
https://www.askey.com.tw/incident_report_notifications.html
Broken Link
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:askey:ap5100w_firmware:*:*:*:*:*:*:*:*

Версия до 1.01.097 (включая)

cpe:2.3:h:askey:ap5100w:-:*:*:*:*:*:*:*

EPSS

Процентиль: 71%

0.00659

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-521

Связанные уязвимости

GHSA-77qw-xvp6-89m4