CVE-2021-20121

Name of the Vulnerable Software and Affected Versions: Telus Wi-Fi Hub (PRV65B444A-S-TS) version 3.00.20

Description: The issue allows an authenticated user with physical access to the device to read arbitrary files from the device. This can be achieved by preparing and connecting a specially prepared USB drive to the device and making a series of crafted requests to the device's web interface.

Recommendations: For Telus Wi-Fi Hub (PRV65B444A-S-TS) version 3.00.20, consider restricting physical access to the device and limiting the ability to connect USB drives until a patch is available. As a temporary workaround, avoid using the device's web interface to make crafted requests that could exploit this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.