CVE-2020-11967

Name of the Vulnerable Software and Affected Versions IQrouter versions 3.3.1 and earlier

Description The issue allows remote attackers to control the device, enabling actions such as restarting the network, rebooting, upgrading, or resetting, due to incorrect access control. This issue is relevant to brand-new networks, particularly before the initial configuration is completed and a secure password is set. It is also a common issue in unconfigured releases of OpenWRT and other new Linux distributions prior to their first configuration.

Recommendations For IQrouter versions 3.3.1 and earlier, as a temporary workaround, consider restricting access to the device until a secure password is set during the initial configuration. Ensure that the initial configuration step for setting a secure password on the system is completed to mitigate the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.