Tanyeetat

**Name of the Vulnerable Software and Affected Versions** Aztech WMB250AC Mesh Routers Firmware Version 016 2020 **Description** The issue allows attackers to gain escalated privileges under specific conditions related to a given account's hashed password, due to PHP Type Juggling in the file /var/www/login.php. **Recommendations** For Aztech WMB250AC Mesh Routers Firmware Version 016 2020, as a temporary workaround, consider restricting access to the /var/www/login.php file until a patch is available. Avoid using the login functionality in the affected firmware version until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Aztech WMB250AC Mesh Routers Firmware Version 016 2020 **Description** The issue concerns improper session management in the affected devices, allowing remote attackers to bypass authentication and execute arbitrary commands with administrator privileges under certain circumstances. This can be achieved by leveraging an existing web portal login. **Recommendations** For Aztech WMB250AC Mesh Routers Firmware Version 016 2020, update the firmware to a version that properly manages sessions and prevents unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.