PT-2019-11476 · China Mobile · Chinamobile Gpn2.4P21-C-Cn W2001En-00

Publicado

2019-07-19

Atualizado

2020-08-24

CVE-2019-1010136

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: ChinaMobile GPN2.4P21-C-CN W2001EN-00

Description: The issue is related to incorrect access control, allowing unauthenticated remote reboot of PLC Wireless Routers. The component affected is the reboot settings, which are available to unauthenticated users instead of only authenticated users. The attack vector is remote.

Recommendations: For ChinaMobile GPN2.4P21-C-CN W2001EN-00, restrict access to the reboot settings to only authenticated users to prevent unauthenticated remote reboot.

Exploit

Correção

Missing Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-306

Identificadores relacionados

CVE-2019-1010136

Produtos afetados

Chinamobile Gpn2.4P21-C-Cn W2001En-00

PT-2019-11476 · China Mobile · Chinamobile Gpn2.4P21-C-Cn W2001En-00

CVE-2019-1010136

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4