CVE-2023-41027

Summary

Credential disclosure in the '/webs/userpasswd.htm' endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.4 and V1.0.5 allows an authenticated attacker to leak the password for the administrative account via requests to the vulnerable endpoint.

Affected Software

VendorProductVersion RangeStatus
JuplinkRX4-1500V1.0.5affected
JuplinkRX4-1500V1.0.4affected

Weaknesses

  • CWE-210: CWE-210 Insertion of Sensitive Information Into Sent Data

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References