CVE-2019-11326

Name of the Vulnerable Software and Affected Versions Topcon Positioning Net-G5 GNSS Receiver firmware 5.2.2

Description An issue was discovered in the web interface of the Topcon Positioning Net-G5 GNSS Receiver, where a guest login is allowed by default. Once logged in as a guest, an attacker can browse a specific URL to read the password of the administrative user, potentially gaining administrative privileges. This issue affects the default configuration of the device.

Recommendations For firmware 5.2.2, consider disabling the guest login feature to prevent unauthorized access until a patch is available. Restrict access to the administrative user interface to minimize the risk of exploitation. Avoid using the default configuration and ensure that the device is properly secured to prevent unauthorized logins.