CVE-2022-34767
5.9
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Summary
Web page which "wizardpwd.asp" ALLNET Router model WR0500AC is prone to Authorization bypass vulnerability – the password, located at "admin" allows changing the http[s]://wizardpwd.asp/cgi-bin. Does not validate the user's identity and can be accessed publicly.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ALLNET Gmbh | ALLNET Gmbh - ADSL/VDSL Router inkl. Modem and Wlan | Update to the latest version < Update to the latest version* | affected |
Weaknesses
- Authorization Bypass
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.