PT-2023-11491 · China Mobile · Chinamobile Plc Wireless Router

Sergiu Sechel

Publicado

2023-01-25

Atualizado

2025-04-01

CVE-2020-18331

CVSS v3.1

9.1

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions ChinaMobile PLC Wireless Router model GPN2.4P21-C-CN version W2000EN-01

Description The issue is related to a directory traversal vulnerability. It can be exploited via the getpage parameter to the "/cgi-bin/webproc" API endpoint.

Recommendations For ChinaMobile PLC Wireless Router model GPN2.4P21-C-CN version W2000EN-01, avoid using the getpage parameter in the "/cgi-bin/webproc" API endpoint until the issue is resolved. Restrict access to the "/cgi-bin/webproc" endpoint to minimize the risk of exploitation.

Exploit

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2020-18331

Produtos afetados

Chinamobile Plc Wireless Router

PT-2023-11491 · China Mobile · Chinamobile Plc Wireless Router

CVE-2020-18331

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6