Описание
The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an authentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the "bapply.cgi" endpoint instead of the normal "apply.cgi" endpoint. A remote and unauthenticated can use this vulnerability to modify settings or chain with existing authenticated vulnerabilities.
Ссылки
- Third Party Advisory
Уязвимые конфигурации
Одновременно
EPSS
9.8 Critical
CVSS3
Дефекты
Связанные уязвимости
The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an authentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the "bapply.cgi" endpoint instead of the normal "apply.cgi" endpoint. A remote and unauthenticated can use this vulnerability to modify settings or chain with existing authenticated vulnerabilities.
Уязвимость веб-сервера микропрограммного обеспечения маршрутизаторов Four-Faith F3x36, связанная с отсутствием проверки подлинности для критически важной функции, позволяющая нарушителю изменять конфигурацию устройства
EPSS
9.8 Critical
CVSS3