Headline

CVE-2023-41030: Juplink RX4-1500 Hard-coded Credential Vulnerability - Exodus Intelligence

Hard-coded credentials in Juplink RX4-1500 versions V1.0.2 through V1.0.5 allow unauthenticated attackers to log in to the web interface or telnet service as the ‘user’ user.

12 months ago

CVE

Open in Source

#vulnerability #web #intel #hard_coded_credentials #auth #telnet #wifi

September 18, 2023
Advisories

EIP-6a41336a

Hard coded credentials exists in Juplink RX4-1500, a WiFi router. An unauthenticated attacker can exploit this vulnerability to log into the web interface or telnet service as the ‘user’ user.

Vulnerability Identifiers

Exodus Intelligence: EIP-6a41336a
MITRE: CVE-2023-41030

Vulnerability Metrics

CVSSv2 Vector: AV:A/AC:L/Au:N/C:P/I:P/A:P
CVSSv2 Score: 5.8

Vendor References

The affected product is end-of-life and no patches are available.

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Vendor response to disclosure: July 30, 2020
Disclosed to public: September 18, 2023

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at [email protected].

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

9 months ago

9 months ago

9 months ago

9 months ago

9 months ago