An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges on the device via poor credential management.
The vulnerability results from improper credential management (poor credential management) classified as CWE-521 (weak password requirements) and CWE-1393 (use of default credentials). A remote, unauthenticated attacker can exploit this weakness to obtain elevated privileges on the device. The network attack vector with no authentication requirements (PR:N, UI:N) significantly increases the risk of vulnerability exploitation.
An attacker can obtain elevated privileges on the device, which in practice means full control over the router, the ability to modify its configuration, intercept network traffic, and compromise the confidentiality, integrity, and availability of data.
Apply patches available from the manufacturer according to the references. Additionally, it is recommended to immediately change the default credentials for device access, restrict access to the management interface to trusted IP addresses only, and isolate the device from the public network.
Connectize AC21000 G6 with firmware version 641.139.1.1256
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HConnectize Ac21000 G6
HWConnectizewszystkie wersjeConnectize Ac21000 G6 Firmware
OSConnectize641.139.1.1256
Related vulnerabilities
Brak ograniczenia liczby prób po stronie klienta w Connectize AC21000 G6
Connectize AC21000 G6 — przejęcie kontroli przez zmianę hasła bez weryfikacji
Cross Site Request Forgery (CSRF) vulnerability in Connectize AC21000 G6 641.139.1.1256 allows attackers to ga...
An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary commands via...
An Insecure Credential Management issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to...