Subhodeep Baroi

**Name of the Vulnerable Software and Affected Versions** Nepstech Wifi Router xpon (terminal) model NTPL-Xpon1GFEVN version 1.0 Firmware V2.0.1 **Description** The issue concerns a Cross-Site Request Forgery (CSRF) vulnerability in the password change function. This allows remote attackers to change the admin password without the user's consent, potentially leading to account takeover. **Recommendations** For Nepstech Wifi Router xpon (terminal) model NTPL-Xpon1GFEVN version 1.0 Firmware V2.0.1, consider disabling the password change function temporarily until a patch is available to prevent potential account takeover. Restrict access to the password change module to minimize the risk of exploitation. Avoid using the password change feature in the affected firmware version until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Nepstech Wifi Router xpon (terminal) NTPL-Xpon1GFEVN, hardware version 1.0, firmware version 2.0.1 **Description** The issue allows a remote attacker to execute arbitrary code via the router's Telnet port 2345 without requiring authentication credentials. **Recommendations** For Nepstech Wifi Router xpon (terminal) NTPL-Xpon1GFEVN, hardware version 1.0, firmware version 2.0.1, consider disabling access to the Telnet port 2345 until a patch is available.