PT-2018-18861 · Foxconn · Foxconn Femto Ap-Fc4064-T

Publicado

2018-05-10

Atualizado

2018-06-18

CVE-2018-9112

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Foxconn FEMTO AP-FC4064-T AP GT B38 5.8.3lb15-W47 LTE Build 15

Description The issue concerns a low-privileged admin account with a weak default password. Additionally, the web management page relies on cookies for security-critical operations, allowing privilege escalation through cookie modification.

Recommendations For Foxconn FEMTO AP-FC4064-T AP GT B38 5.8.3lb15-W47 LTE Build 15, consider changing the default admin password to a strong one and restrict or modify the web management page to not rely on cookies for security-critical operations. As a temporary workaround, consider restricting access to the web management page until a more secure solution is implemented.

Exploit

Correção

Using Hardcoded Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-798

Identificadores relacionados

CVE-2018-9112

Produtos afetados

Foxconn Femto Ap-Fc4064-T

PT-2018-18861 · Foxconn · Foxconn Femto Ap-Fc4064-T

CVE-2018-9112

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3