| Título | UTT 进取750w <=V5.0 Unverified Password Change |
|---|
| Descrição | A critical authorization vulnerability exists in the Jinqu 750W router. An attacker can exploit the setSysAdm action by carefully crafting the passwd1 parameter, allowing them to modify the administrator password without authentication or authorization. The vulnerability is ultimately triggered by a call to doSystem("chpasswd.sh %s %s", "admin", Var);, leading to unauthorized control over the router's administrative privileges. |
|---|
| Fonte | ⚠️ https://github.com/pfwqdxwdd/cve/blob/main/6.md |
|---|
| Utilizador | pfwqdxwdd (UID 86094) |
|---|
| Submissão | 03/06/2025 15h14 (há 1 Ano) |
|---|
| Moderação | 15/06/2025 08h56 (12 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 312566 [UTT 进取 750W até 5.0 Administrator Password /goform/setSysAdm formDefineManagement passwd1 Autenticação fraca] |
|---|
| Pontos | 20 |
|---|