Published on: 05/03/2021 12:00:00 AM UTC
Last Modified on: 05/04/2021 10:21:00 AM UTC
The following vulnerability was found:
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a Authentication Bypass in the Web Interface. This interface does not properly restrict access to internal functionality. Despite presenting a password login page on first access, authentication is not required to access privileged functionality. As such, it's possible to directly access APIs that should not be exposed to an unauthenticated user.
- CVE-2020-35758 has been assigned by [email protected] to track the vulnerability
|Advisory: Multiple Issues in Libre Wireless LS9 Modules - And the Problem with Third Party Products - IoT Inspector|| www.iot-inspector.com |