Submit #584325: Multilaser Sirius RE016 MLT1.0 Authentication Bypass

Title: Multilaser Sirius RE016 MLT1.0 Authentication Bypass
Description: This vulnerability allows a remote attacker to change the administrator password on the Multilaser Sirius RE016 router without authentication via the /cgi-bin/cstecgi.cgi endpoint. This enables full control over the device, compromising network security and allowing persistence and privilege escalation attacks.
Source: https://github.com/DefaultCh40s/RE016/blob/main/re016.py
User: DefaultCh40s (UID 85145)
Submission: 05/24/2025 22:30 (1 Year ago)
Moderation: 06/01/2025 13:11 (8 days later)
Status: Accepted
VulDB entry: 310770 [Multilaser Sirius RE016 MLT1.0 Password Change /cgi-bin/cstecgi.cgi improper authentication]
Points: 17
