PT-2019-11476 · China Mobile · Chinamobile Gpn2.4P21-C-Cn W2001En-00

Published

2019-07-19

Updated

2020-08-24

CVE-2019-1010136

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: ChinaMobile GPN2.4P21-C-CN W2001EN-00

Description: The issue is related to incorrect access control, allowing unauthenticated remote reboot of PLC Wireless Routers. The component affected is the reboot settings, which are available to unauthenticated users instead of only authenticated users. The attack vector is remote.

Recommendations: For ChinaMobile GPN2.4P21-C-CN W2001EN-00, restrict access to the reboot settings to only authenticated users to prevent unauthenticated remote reboot.

Exploit

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2019-1010136

Affected Products

Chinamobile Gpn2.4P21-C-Cn W2001En-00

PT-2019-11476 · China Mobile · Chinamobile Gpn2.4P21-C-Cn W2001En-00

CVE-2019-1010136

Weakness Enumeration

Related Identifiers

Affected Products

References · 4