HIGH🇬🇧 English

CVE-2023-41027

CVSS 8.0v3.1pub. 2023-09-22upd. 2024-11-21

Credential disclosure in the '/webs/userpasswd.htm' endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.4 and V1.0.5 allows an authenticated attacker to leak the password for the administrative account via requests to the vulnerable endpoint.

oryginał EN
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Juplink Rx4 1500

    HW
    Juplink
    wszystkie wersje
  • Juplink Rx4 1500 Firmware

    OS
    Juplink
    1.0.41.0.5
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-41028CRITICAL9.0ten sam produkt

A stack-based buffer overflow exists in Juplink RX4-1500, a WiFi router, in versions 1.0.2 through 1.0.5. An a...

CVE-2023-41029HIGH8.0ten sam produkt

Command injection vulnerability in the homemng.htm endpoint in Juplink RX4-1500 Wifi router firmware versions ...

CVE-2023-41031HIGH8.0ten sam produkt

Command injection in homemng.htm in Juplink RX4-1500 versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows remote...

CVE-2023-41030MEDIUM6.3ten sam produkt

Hard-coded credentials in Juplink RX4-1500 versions V1.0.2 through V1.0.5 allow unauthenticated attackers to l...

CVE-2020-8797MEDIUM6.7ten sam produkt

Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to the Linux subsystem via an unsanitized ...