PT-2021-21319 · Prolink · Prolink Prc2402M

Ayrx

Published

2021-08-06

Updated

2021-08-12

CVE-2021-36708

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions ProLink PRC2402M versions 1.0.18 and older

Description The issue allows an attacker to reset the password to the administrative interface of the router. This is possible due to a problem in the set sys init function in the login.cgi binary.

Recommendations For ProLink PRC2402M versions 1.0.18 and older, consider disabling the set sys init function in the login.cgi binary as a temporary workaround until a patch is available. Restrict access to the administrative interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-640

Related Identifiers

CVE-2021-36708

Affected Products

Prolink Prc2402M

PT-2021-21319 · Prolink · Prolink Prc2402M

CVE-2021-36708

Weakness Enumeration

Related Identifiers

Affected Products

References · 5