Описание
The LuCI web interface on Gl Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. Fix available in version 4.8.2 GL.Inet AX1800 Version 4.6.4 & 4.6.8 lacks rate limiting or account lockout mechanisms on the authentication endpoint (/cgi-bin/luci). An unauthenticated attacker on the local network can perform unlimited password attempts against the admin interface.
Ссылки
- ExploitThird Party AdvisoryPress/Media Coverage
- ExploitThird Party AdvisoryPress/Media Coverage
- Broken Link
Уязвимые конфигурации
Одновременно
Одно из
EPSS
5.1 Medium
CVSS3
Дефекты
Связанные уязвимости
The LuCI web interface on Gl Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. Fix available in version 4.8.2 GL.Inet AX1800 Version 4.6.4 & 4.6.8 lacks rate limiting or account lockout mechanisms on the authentication endpoint (`/cgi-bin/luci`). An unauthenticated attacker on the local network can perform unlimited password attempts against the admin interface.
EPSS
5.1 Medium
CVSS3