Published: 21/04/2020 Updated: 11/04/2024

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

In IQrouter up to and including 3.3.1, the Lua function reset_password in the web-panel allows remote malicious users to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”

Vulnerable Product	Search on Vulmon	Subscribe to Product
evenroute iqrouter_firmware

IQrouter firmware version 331 suffers from a remote code execution vulnerability ...

CWE-521 https://evenroute.com/https://pastebin.com/grSCSBSu https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-https://openwrt.org/docs/guide-quick-start/walkthrough_login https://nvd.nist.gov https://packetstormsecurity.com/files/157300/IQrouter-3.3.1-Remote-Code-Execution.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-11966

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect