Gabriel Gonzalez Garcia

**Name of the Vulnerable Software and Affected Versions** Movistar 4G router version S WLD71-T1 v2.0.201820 **Description** The issue concerns an unprotected primary channel on the Movistar 4G router, which has the 'adb' service open on port 5555. This provides access to a shell with root privileges, allowing for pre-authentication root shell access over ADB. **Recommendations** For Movistar 4G router version S WLD71-T1 v2.0.201820, consider disabling the 'adb' service on port 5555 as a temporary workaround to minimize the risk of exploitation. Restrict access to the shell with root privileges until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Movistar 4G router version ES WLD71-T1 v2.0.201820 **Description** The issue is a command injection vulnerability that allows an authenticated user to execute commands inside the router. This can be achieved by making a POST request to the API endpoint '/cgi-bin/gui.cgi'. **Recommendations** For version ES WLD71-T1 v2.0.201820, as a temporary workaround, consider restricting access to the '/cgi-bin/gui.cgi' API endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Movistar 4G router version ES WLD71-T1 v2.0.201820 **Description** The issue is a Cross-Site Request Forgery vulnerability that allows an attacker to force an end user to execute unwanted actions in a web application where they are currently authenticated. **Recommendations** For version ES WLD71-T1 v2.0.201820, at the moment, there is no information about a newer version that contains a fix for this vulnerability.