Sergiu Sechel

**Name of the Vulnerable Software and Affected Versions** ChinaMobile PLC Wireless Router model GPN2.4P21-C-CN version W2000EN-01 **Description** An issue was discovered in the default configuration of the ChinaMobile PLC Wireless Router, allowing attackers to gain access to the configuration interface. **Recommendations** For ChinaMobile PLC Wireless Router model GPN2.4P21-C-CN version W2000EN-01, change the default configuration to prevent unauthorized access to the configuration interface. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** ChinaMobile PLC Wireless Router model GPN2.4P21-C-CN version W2000EN-01 **Description** The issue is related to a directory traversal vulnerability. It can be exploited via the `getpage` parameter to the "/cgi-bin/webproc" API endpoint. **Recommendations** For ChinaMobile PLC Wireless Router model GPN2.4P21-C-CN version W2000EN-01, avoid using the `getpage` parameter in the "/cgi-bin/webproc" API endpoint until the issue is resolved. Restrict access to the "/cgi-bin/webproc" endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ILC 1x0 versions (affected versions not specified) ILC 1x1 versions (affected versions not specified) ILC 1x1 GSM/GPRS versions (affected versions not specified) ILC 3xx versions (affected versions not specified) AXC 1050 versions (affected versions not specified) AXC 1050 XC versions (affected versions not specified) AXC 3050 versions (affected versions not specified) RFC 480S PN 4TX versions (affected versions not specified) RFC 470 PN 3TX versions (affected versions not specified) RFC 470S PN 3TX versions (affected versions not specified) RFC 460R PN 3TX versions (affected versions not specified) RFC 460R PN 3TX-S versions (affected versions not specified) RFC 430 ETH-IB versions (affected versions not specified) RFC 450 ETH-IB versions (affected versions not specified) PC WORX SRT versions (affected versions not specified) PC WORX RT BASIC versions (affected versions not specified) FC 350 PCI ETH versions (affected versions not specified) **Description** The issue is related to weaknesses in the authentication procedure of the software. Exploitation of this issue may allow a remote attacker to gain unauthorized access to protected information or impact the integrity of the information by establishing a TCP session on port 1962. This can be demonstrated by using the Create Backup feature to traverse all directories. **Recommendations** As a temporary workaround, consider restricting access to port 1962 to minimize the risk of exploitation. Avoid using the Create Backup feature until the issue is resolved. Restrict access to sensitive information and directories to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.