| Title | UTT 进取750w <=V5.0 Unverified Password Change |
|---|
| Description | A critical authorization vulnerability exists in the Jinqu 750W router. An attacker can exploit the setSysAdm action by carefully crafting the passwd1 parameter, allowing them to modify the administrator password without authentication or authorization. The vulnerability is ultimately triggered by a call to doSystem("chpasswd.sh %s %s", "admin", Var);, leading to unauthorized control over the router's administrative privileges. |
|---|
| Source | ⚠️ https://github.com/pfwqdxwdd/cve/blob/main/6.md |
|---|
| User | pfwqdxwdd (UID 86094) |
|---|
| Submission | 06/03/2025 15:14 (1 Year ago) |
|---|
| Moderation | 06/15/2025 08:56 (12 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 312566 [UTT 进取 750W up to 5.0 Administrator Password /goform/setSysAdm formDefineManagement passwd1 unverified password change] |
|---|
| Points | 20 |
|---|