• KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Privilege Escalation

    From Sven@21:1/5 to All on Fri Mar 19 18:03:56 2021
    XPost: alt.hackers.malicious

    2021/03/19 16:53:54 GMT

    Description: KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 suffers from a
    privilege escalation vulnerability. The non-privileged default user (user:user123) can
    elevate his/her privileges by sending a HTTP GET request to the configuration export
    endpoint and disclose the admin password. Once authenticated as admin, an attacker will
    be granted access to the additional and privileged pages.


    Source: Packet Storm Security

    -- Sven Exploits

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)