Vulnerability CVE-2017-11351


Published: 2017-09-13   Modified: 2017-09-21

Description:
Axesstel MU553S MU55XS-V1.14 devices have a default password of admin for the admin account.

Vendor: Axesstel
Product: Mu553s firmware 
Version: mu553s-v1.14;

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
https://iscouncil.blogspot.com/2017/08/multiple-vulnerabilities-in-axesstel.html

Related CVE
CVE-2017-13724
On the Axesstel MU553S MU55XS-V1.14, there is a Stored Cross Site Scripting vulnerability in the APN parameter under the "Basic Settings" page.
CVE-2017-11350
Cross-Site Request Forgery (CSRF) exists in cgi-bin/ConfigSet on Axesstel MU553S MU55XS-V1.14 devices.
CVE-2009-2321
cgi-bin/sysconf.cgi on the Axesstel MV 410R allows remote attackers to cause a denial of service (configuration reset) via a RESTORE=RESTORE query string.
CVE-2009-2322
Cross-site scripting (XSS) vulnerability in cgi-bin/sysconf.cgi on the Axesstel MV 410R allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-2323
The web interface on the Axesstel MV 410R redirects users back to the referring page after execution of some CGI scripts, which makes it easier for remote attackers to avoid detection of cross-site request forgery (CSRF) attacks, as demonstrated by a...
CVE-2009-2317
The Axesstel MV 410R has a certain default administrator password, and does not force a password change, which makes it easier for remote attackers to obtain access.
CVE-2009-2318
The Axesstel MV 410R allows remote attackers to cause a denial of service via a flood of SYN packets, a related issue to CVE-1999-0116.
CVE-2009-2319
The default configuration of the Wi-Fi component on the Axesstel MV 410R does not use encryption, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

Copyright 2017, cxsecurity.com

 

Back to Top