CVE-2020-25988: A UPnP Abuse or, a feature. – Digitalmunition



This topic contains 1 reply, has 2 voices, and was last updated by  ShiroiOk 1 month, 2 weeks ago.

  • #337208


    So I was playing around with my home router and stumbled upon my first bug/feature. The bug/feature is: once I’m on the same network (physical/wireless), I can log in to your router’s admin panel by fetching the credentials of the ‘admin’ user.

    Here’s a short writeup:

    P.S. – If you have any feedback regarding anything or happen to spot any mistakes, please do let me know. Thanks!!

  • #337210


    I believe it’s a feature of UPnP, but the fact the credentials are in plaintext means that the company producing those routers is lax with security.

    You should definitely send this through to them; if somebody gained access to a network with this router, they would be able to access the admin panel and go from there.

    Good find.
