PT-2018-18861 · Foxconn · Foxconn Femto Ap-Fc4064-T

Published

2018-05-10

Updated

2018-06-18

CVE-2018-9112

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Foxconn FEMTO AP-FC4064-T AP GT B38 5.8.3lb15-W47 LTE Build 15

Description The issue concerns a low-privileged admin account with a weak default password. Additionally, the web management page relies on cookies for security-critical operations, allowing privilege escalation through cookie modification.

Recommendations For Foxconn FEMTO AP-FC4064-T AP GT B38 5.8.3lb15-W47 LTE Build 15, consider changing the default admin password to a strong one and restrict or modify the web management page to not rely on cookies for security-critical operations. As a temporary workaround, consider restricting access to the web management page until a more secure solution is implemented.

Exploit

Fix

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

CVE-2018-9112

Affected Products

Foxconn Femto Ap-Fc4064-T

PT-2018-18861 · Foxconn · Foxconn Femto Ap-Fc4064-T

CVE-2018-9112

Weakness Enumeration

Related Identifiers

Affected Products

References · 3