PT-2019-15562 · Fastweb · Fastgate

Angeloanatrella86 · Published 2019-11-02 · Updated 2020-08-24 · CVE-2019-18661

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Fastweb FASTGate version 1.0.1b

Description

The issue allows for partial authentication bypass by modifying a certain check pwd return value from 0 to 1. Although an attack does not grant administrative control of a device, it enables the attacker to view all web pages of the administration console.

Recommendations

For Fastweb FASTGate version 1.0.1b, consider modifying the check pwd function to prevent return value manipulation until a patch is available. Restrict access to the administration console to minimize the risk of exploitation.

Exploit

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2019-18661

Affected Products

Fastgate