| عنوان | UTT 进取750w <=V5.0 Unverified Password Change |
|---|
| الوصف | A critical authorization vulnerability exists in the Jinqu 750W router. An attacker can exploit the setSysAdm action by carefully crafting the passwd1 parameter, allowing them to modify the administrator password without authentication or authorization. The vulnerability is ultimately triggered by a call to doSystem("chpasswd.sh %s %s", "admin", Var);, leading to unauthorized control over the router's administrative privileges. |
|---|
| المصدر | ⚠️ https://github.com/pfwqdxwdd/cve/blob/main/6.md |
|---|
| المستخدم | pfwqdxwdd (UID 86094) |
|---|
| ارسال | 03/06/2025 03:14 PM (1 سنة منذ) |
|---|
| الاعتدال | 15/06/2025 08:56 AM (12 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 312566 [UTT 进取 750W حتى 5.0 Administrator Password /goform/setSysAdm formDefineManagement passwd1 توثيق ضعيف] |
|---|
| النقاط | 20 |
|---|