Vulnerabilities > CVE-2020-24365 - Insecure Default Initialization of Resource vulnerability in Gemteks Wrtm-127Acn Firmware and Wrtm-127X9 Firmware

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

gemteks

CWE-1188

NVD

Published: 2020-09-24

Updated: 2022-04-28

Summary

An issue was discovered on Gemtek WRTM-127ACN 01.01.02.141 and WRTM-127x9 01.01.02.127 devices. The Monitor Diagnostic network page allows an authenticated attacker to execute a command directly on the target machine. Commands are executed as the root user (uid 0). (Even if a login is required, most routers are left with default credentials.)

Vulnerable Configurations

Part	Description	Count
OS	Gemteks Gemteks Wrtm 127Acn Firmware 01.01.02.141 Gemteks Wrtm 127X9 Firmware 01.01.02.127	2
Hardware	Gemteks Gemteks Wrtm 127Acn - Gemteks Wrtm 127X9 -	2

Common Weakness Enumeration (CWE)

CWE-1188 - Insecure Default Initialization of Resource

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References