• KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Factory

    From Sven@21:1/5 to All on Fri Mar 19 18:07:15 2021
    XPost: alt.hackers.malicious

    2021/03/19 16:50:20 GMT

    Description: KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 allows unauthenticated attackers to visit the unprotected /goform/LoadDefaultSettings endpoint
    and reset the device to its factory default settings. Once the GET request is made, the
    device will reboot with its default settings allowing the attacker to bypass authentication and take full control of the system.


    Source: Packet Storm Security

    -- Sven Exploits

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)