PT-2026-24768 · Ewon · Ewon

Photubias · Published 2026-03-11 · Updated 2026-03-11 · CVE-2019-25470

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: eWON versions 12.2 through 13.0

Description: eWON firmware contains an authentication bypass that allows attackers with minimal privileges to retrieve sensitive user data. Attackers can exploit the wsdReadForm API endpoint by sending POST requests to /wrcgi.bin/wsdReadForm with base64-encoded partial credentials and a crafted wsdList parameter. This allows extraction of encrypted passwords for all users, which can be decrypted using a hardcoded XOR key.

Recommendations: Versions 12.2 through 13.0 should be updated when a fix becomes available. As a temporary workaround, restrict access to the wsdReadForm endpoint.


Weakness Enumeration: Using Hardcoded Credentials

Related Identifiers: CVE-2019-25470

Affected Products: Ewon