PT-2020-12959 · Openwrt+1
Ilya Shaposhnikov · Published 2020-04-21 · Updated 2024-08-04
CVE-2020-11968
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
IQrouter versions through 3.3.1
Description
The issue allows remote attackers to read system logs due to incorrect access control in the web panel. This can occur on a brand-new network before the initial configuration, including setting a secure password, is completed. The same condition applies to unconfigured releases of OpenWRT and many other new Linux distributions prior to their first configuration.
Recommendations
For IQrouter versions through 3.3.1, complete the initial configuration and set a secure password to mitigate the risk of system log exposure. As a temporary workaround, consider restricting access to the web panel until the initial configuration is completed.
Fix
Insertion into Log File
Weakness Enumeration
Related Identifiers
Affected Products
Iqrouter
Openwrt