CVE-2023-24796

Name of the Vulnerable Software and Affected Versions Vinga WR-AC1200 versions 81.102.1.4370 and before

Description A password vulnerability allows a remote attacker to execute arbitrary code via the password parameter at the "/goform/sysTools" and "/adm/systools.asp" endpoints. This issue has been identified in scans probing for vulnerable routers.

Recommendations For Vinga WR-AC1200 versions 81.102.1.4370 and before, consider disabling access to the "/goform/sysTools" and "/adm/systools.asp" endpoints until a patch is available. As a temporary workaround, restrict the use of the password parameter in these endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.