CVE-2021-25326

Name of the Vulnerable Software and Affected Versions: Skyworth Digital Technology RN510 version 3.1.0.4

Description: The issue is related to an incorrect access control vulnerability in the /cgi-bin/test version.asp endpoint. If Wi-Fi is connected and an unauthenticated user visits a specific URL, the SSID password and web UI password may be disclosed.

Recommendations: For Skyworth Digital Technology RN510 version 3.1.0.4, as a temporary workaround, consider restricting access to the /cgi-bin/test version.asp endpoint until a patch is available. Avoid using this endpoint with unauthenticated users to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.