PT-2022-9077 · Arcadyan · Arcadyan Wifi Routers Vrv9506Jac23
Asher Davila L
·
Published
2022-12-14
·
Updated
2022-12-16
·
CVE-2020-9420
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Arcadyan Wifi routers VRV9506JAC23 version VRV9506JAC23
Description
The login password of the web administrative dashboard in the affected routers is sent in cleartext. This allows an attacker to sniff and intercept traffic, potentially learning the administrative credentials to the router.
Recommendations
For Arcadyan Wifi routers VRV9506JAC23 version VRV9506JAC23, consider changing the default administrative credentials and avoid using the web administrative dashboard over unsecured networks until a patch is available. As a temporary workaround, restrict access to the administrative dashboard to minimize the risk of exploitation.
Exploit
Fix
Cleartext Transmission of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Arcadyan Wifi Routers Vrv9506Jac23