Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to reset the admin password via the /ConfigWizard/ChangePwd.esp?2admin URL (Attackers can login using the "admin" username with password "admin" after a successful attack).
References
Link | Resource |
---|---|
https://vulncode.com/advisory/CVE-2018-14078 | Third Party Advisory |
https://vulncode.com/advisory/CVE-2018-14078 | Third Party Advisory |
Configurations
History
21 Nov 2024, 03:48
Type | Values Removed | Values Added |
---|---|---|
References | () https://vulncode.com/advisory/CVE-2018-14078 - Third Party Advisory |
Information
Published : 2018-08-20 20:29
Updated : 2024-11-21 03:48
NVD link : CVE-2018-14078
Mitre link : CVE-2018-14078
CVE.ORG link : CVE-2018-14078
JSON object : View
Products Affected
wi2be
- smart_hp_wmt
CWE
CWE-287
Improper Authentication