James Hemmings

Name of the Vulnerable Software and Affected Versions: EE 4GEE HH70VB-2BE8GB3 HH70 E1 02.00 19 Description: An issue was discovered where hardcoded root SSH credentials are stored within the `core app` binary, which is used by the EE router for networking services. The default password is `oelinux123`. An attacker with knowledge of this password could login to the router via SSH as the root user, potentially leading to the loss of confidentiality, integrity, and availability of the system. This could also allow for the bypass of the "AP Isolation" mode and modification of settings for multiple Wireless networks. Recommendations: For EE 4GEE HH70VB-2BE8GB3 HH70 E1 02.00 19, consider changing the default SSH credentials to prevent unauthorized access. As a temporary workaround, restrict SSH access to the router until a patch is available.

**Name of the Vulnerable Software and Affected Versions** EE 4GEE WiFi MBB versions before EE60 00 05.00 31 **Description** The issue is related to Cross-Site Request Forgery (CSRF) and is associated with several API endpoints, including "goform/AddNewProfile", "goform/setWanDisconnect", "goform/setSMSAutoRedirectSetting", "goform/setReset", and "goform/uploadBackupSettings". **Recommendations** For versions before EE60 00 05.00 31, update to version EE60 00 05.00 31 or later to resolve the issue. As a temporary workaround, consider restricting access to the mentioned API endpoints until a patch is available.

**Name of the Vulnerable Software and Affected Versions** EE 4GEE WiFi MBB versions before EE60 00 05.00 31 **Description** The issue allows remote attackers to obtain sensitive information via a JSONP endpoint. This can include passwords and SMS content. **Recommendations** For versions before EE60 00 05.00 31, update to version EE60 00 05.00 31 or later to resolve the issue. As a temporary workaround, consider restricting access to the JSONP endpoint until a patch is available.