PT-2023-24381 · Planet Technologies · Wdrt-1800Ax
Published
2023-06-07
·
Updated
2025-01-07
·
CVE-2023-33553
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Planet Technologies WDRT-1800AX version v1.01-CP21
Description
The issue allows attackers to bypass authentication and escalate privileges to root via manipulation of the
LoginStatus cookie.Recommendations
For Planet Technologies WDRT-1800AX version v1.01-CP21, as a temporary workaround, consider restricting access to the cookie
LoginStatus to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Missing Authentication
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Wdrt-1800Ax