Published: 15/04/2022 Updated: 25/04/2022

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2

VMScore: 801

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

An issue in upload.csp of FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows malicious users to write files and reset the user passwords without having a valid session cookie.

Vulnerable Product	Search on Vulmon	Subscribe to Product
fantec mwid25-ds_firmware 2.000.030

Unauthenticated RCE exploit for Fantec MWiD25-DS

Fantec MWiD25-DS Writeup for CVE-2022-28113 by @code-byter This is a writeup of exploiting the Fantec MWiD25-DS Travel Router (Firmware version: 2000030) This vulnerability allows any unauthorized user to execute arbitrary commands as root user A vulnerability in the backup functionality (uploadcsp) allows any user to write files and thus reset the user passwords without

CWE-565 https://github.com/code-byter/CVE-2022-28113 https://drive.google.com/file/d/1OvpNieX3pYFaZprglr5T0lV0WuLoLcLu/view?usp=sharing https://code-byter.com/2022/04/06/fantec-wifi.html https://drive.google.com/file/d/1s1AgI5Dw7_GNenmI-mw0Sx2B9MkNTbc7/view?usp=sharing https://nvd.nist.gov https://github.com/code-byter/CVE-2022-28113

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-28113

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect