• KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Configu

    From Sven@21:1/5 to All on Fri Mar 19 18:05:10 2021
    XPost: alt.hackers.malicious

    2021/03/19 16:52:26 GMT

    Description: KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 is susceptible to an
    unauthenticated configuration disclosure when direct object reference is made to the
    export_settings.cgi file using an HTTP GET request. This will enable the attacker to
    disclose sensitive information and help her in authentication bypass, privilege escalation and full system access.


    Source: Packet Storm Security

    -- Sven Exploits

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)