| Название | Totolink T6 V4.1.9cu.5241_B20210923 Broken Access Control |
|---|
| Описание | Version V4.1.9cu.5241_B20210923 of the device allows remote attackers to obtain Wi-Fi system information and modify system-related settings without logging in via port 80, path /cgi-bin/cstecgi.cgi, parameter topicurl.
This version does not verify that the administrator is logged in, so the attacker does not need to bring in the cookie obtained after the administrator has logged in, and can directly obtain the Wi-Fi SSID and Wi-Fi password.
Sending a request to modify the system settings without bringing in any cookies can modify the system settings, in a normal and secure situation it must be verified that the cookies are brought in after the administrator has logged in.
As shown in the picture below: Without any session, the router can be modified in any setting.
The vulnerability has been communicated to the vendor, who has indicated that no future fixes will be implemented for this vulnerability.
|
|---|
| Источник | ⚠️ https://drive.google.com/file/d/1puSOo5XrzMrctw7EtrE7DnfssOOuhRTS/view?usp=sharing |
|---|
| Пользователь | lin7lic (UID 39301) |
|---|
| Представление | 29.12.2023 01:31 (2 лет назад) |
|---|
| Модерация | 07.01.2024 20:50 (10 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 249867 [Totolink T6 4.1.9cu.5241_B20210923 /cgi-bin/cstecgi.cgi topicurl эскалация привилегий] |
|---|
| Баллы | 20 |
|---|