CVE-2022-43366: IOT_Vulnerability_Discovery/4_information_disclosure.md at main · splashsc/IOT_Vulnerability_Discovery
IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to access sensitive information via the checkLoginUser, ate, telnet, version, setDebugCfg, and boot interfaces.
Brand: IP-COM
Firmware link: https://www.ip-com.com.cn/product/download/EW9.html
Vulnerability details
There are multiple interfaces that can be accessed without authorization.
The details of attack
The httpd service can be emulated using QEMU
Initialize the device and set a password.
You can then actively log out and access the above interfaces. Note that there are more than the two unauthorized interfaces mentioned above.