PT-2020-15709 · Gemtek · Gemtek Wrtm-127X9+1
Published 2020-09-24 · Updated 2022-04-28
CVE-2020-24365
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Gemtek WRTM-127ACN version 01.01.02.141
Gemtek WRTM-127x9 version 01.01.02.127
Description
An issue allows an authenticated attacker to execute a command directly on the target machine via the Monitor Diagnostic network page. Commands are executed as the root user. This is particularly concerning since most routers are left with default credentials, potentially allowing attackers to gain access without needing to crack passwords.
Recommendations
For Gemtek WRTM-127ACN version 01.01.02.141, consider restricting access to the Monitor Diagnostic network page until a fix is available.
For Gemtek WRTM-127x9 version 01.01.02.127, consider restricting access to the Monitor Diagnostic network page until a fix is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
OS Command Injection
Related Identifiers
Affected Products
Gemtek Wrtm-127Acn
Gemtek Wrtm-127X9