漏洞描述
LTE WirelessRouter相关设备的后台管理平台/login.cgi接口存在默认口令,无需复杂验证就能直接登录。攻击者可登录后获取用户敏感信息,并对设备管理下的用户进行网络管理。
LTE Wireless Router 存在弱口令漏洞
PoC代码
暂无相关漏洞推荐
- wavlink-router-live-api-cgi-rce: WavLink Router Live API cgi RCE
- POC CVE-2014-2962: Belkin N150 Router 1.00.08/1.00.09 - Path Traversal
- POC CVE-2015-0554: ADB/Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure
- POC CVE-2016-6277: NETGEAR Routers - Remote Code Execution
- POC CVE-2017-15647: FiberHome Routers - Local File Inclusion
- POC CVE-2017-5521: NETGEAR Routers - Authentication Bypass
- POC CVE-2018-0127: Cisco RV132W/RV134W Router - Information Disclosure
- POC CVE-2018-10822: D-Link Routers - Local File Inclusion
- POC CVE-2018-10823: D-Link Routers - Remote Command Injection
- POC CVE-2018-16059: WirelessHART Fieldgate SWG70 3.0 - Local File Inclusion
- POC CVE-2019-16313: ifw8 Router ROM v4.31 - Credential Discovery
- POC CVE-2019-1653: Cisco Small Business WAN VPN Routers - Sensitive Information Disclosure
- POC CVE-2019-16920: D-Link Routers - Remote Code Execution