Vulnerability CVE-2018-20512
Published: 2019-01-03

Description:
EPON CPE-WiFi devices 2.0.4-X000 are vulnerable to escalation of privileges by sending cooLogin=1, cooUser=admin, and timestamp=-1 cookies.

Type:

CWE-565

 (Reliance on Cookies without Validation and Integrity Checking)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Cdatatec -> Epon cpe-wifi devices firmware 

 References:
https://www.reddit.com/r/networking/comments/abu4kq/vulnerability_in_cdata_technologies_epon_cpewifi/
Copyright 2024, cxsecurity.com

 

Back to Top