This topic contains 1 reply, has 2 voices, and was last updated by 
- Posts
So I was playing around with my home router and stumbled upon my first bug/feature. The bug/feature is: Once I’m on the same network (physical/wireless), I can login to your router’s admin panel, by fetching the credentials of ‘admin’ user.Here’s a short writeup:
[https://niteshsurana.medium.com/cve-2020-25988-a-upnp-abuse-424f0db73129](https://niteshsurana.medium.com/cve-2020-25988-a-upnp-abuse-424f0db73129)P.S. – If you have any feedback regarding anything or happen to spot any mistakes, please do let me know. Thanks!!
ShiroiOkI believe its a feature of upnp but the fact the credentials are in plaintext means that the company producing those routers is lax with security.
You should definitely send this through to them, if somebody gained access to a network with this router they would be able to access the admin panel and go from there.
Good find.
You must be logged in to reply to this topic.
![[webapps] Sony Playstation 4 (PS4) < 7.02 - 'ValidationMessage::buildBubbleTree()' Use-After-Free WebKit Code Execution (PoC)](https://www.digitalmunition.me/wp-content/uploads/spider-orange.png "[webapps] Sony Playstation 4 (PS4) < 7.02 - 'ValidationMessage::buildBubbleTree()' Use-After-Free WebKit Code Execution (PoC)"){kind=small}
Comments