PT-2017-12144 · Netcomm Wireless · Netcomm Wireless 4Gt101W

Published

2017-07-28

Updated

2017-08-04

CVE-2017-11645

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3

Description The issue concerns the lack of authentication for certain web pages, specifically logfile.html, status.html, and system config.html. This could potentially allow unauthorized access to sensitive information.

Recommendations For NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3, consider restricting access to the vulnerable web pages, such as logfile.html, status.html, and system config.html, until a patch or fix is available. As a temporary workaround, limit access to these pages to minimize the risk of exploitation.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2017-11645

Affected Products

Netcomm Wireless 4Gt101W

PT-2017-12144 · Netcomm Wireless · Netcomm Wireless 4Gt101W

CVE-2017-11645

Weakness Enumeration

Related Identifiers

Affected Products

References · 3