PT-2021-11850 · Libre Wireless · Libre Wireless Ls9 Ls1.5/P7040

Published: 2021-05-03 · Updated: 2021-05-18 · CVE-2020-35758

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Libre Wireless LS9 LS1.5/p7040 devices
Description: The issue is related to an authentication bypass in the web interface of the affected devices. The web interface does not properly restrict access to internal functionality, allowing direct access to APIs that should not be exposed to an unauthenticated user, despite presenting a password login page on first access.
Recommendations: For Libre Wireless LS9 LS1.5/p7040 devices, restrict access to the web interface until a proper fix is implemented to ensure authentication is required for accessing privileged functionality. As a temporary workaround, consider limiting access to the device's APIs to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2020-35758

Affected Products

Libre Wireless Ls9 Ls1.5/P7040