PT-2024-13712 · Hongdian · H8951-4G-Esp+1

Robert Pogorzelski · Published 2024-01-12 · Updated 2024-01-19 · CVE-2023-49255

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

No specific software or versions are mentioned in the provided descriptions.

Description

The router console is accessible without authentication at the data field. Although a user needs to be logged in to modify the configuration, the session state is shared. If another user is currently logged in, an anonymous user can execute commands in the context of the authenticated one. If the logged-in user has administrative privileges, it is possible to use webadmin service configuration commands to create a new admin user with a chosen password.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2023-49255

Affected Products

H8951-4G-Esp
H8951-4G-Esp Firmware