XPost: alt.hackers.malicious
2021/03/19 16:50:20 GMT
Description: KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 allows unauthenticated attackers to visit the unprotected /goform/LoadDefaultSettings endpoint
and reset the device to its factory default settings. Once the GET request is made, the
device will reboot with its default settings allowing the attacker to bypass authentication and take full control of the system.
https://packetstormsecurity.com/files/161888/ZSL-2021-5642.txt
Source: Packet Storm Security
-- Sven Exploits
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)