0x7 CVE-2018-14078
Discoverer
VULNC0D3 ( @herwonowr )
CVE ID
CVE-2018-14078
Description
Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to reset the admin password via the “/ConfigWizard/ChangePwd.esp?2admin” URL. (Attackers can log in using the “admin” username with password “admin” after a successful attack.)
Vulnerability Type
Unauthorized Password Reset
Vendor of Product
Wi2be
– Vendor Homepage : http://www.wi2be.com
– Software Link : http://www.wi2be.com/site/produtos/smart-hp/
Affected Product Code Base
Smart HP - R1.2.20_201400922
Affected Component
ConfigWizard ChangePwd
Attack Type
Remote
Impact Escalation of Privileges
True
Attack Vectors
Remote
Timeline
– 2018-07-15 : Request CVE ID
– 2018-07-15 : CVE ID Assigned
– 2018-07-16 : Contacting Vendor
– 2018-08-16 : Vendor Not Responding
– 2018-08-16 : Request for Publication
– 2018-08-18 : CVE ID Public Release
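
Detection sketch for the reset URL named in the Description. This is an added example, not part of the original advisory or any vendor code. It assumes the device sits behind a proxy or gateway that writes Common Log Format lines, and that a hypothetical allowlist (ADMIN_SOURCES) names the management stations; the sample log lines are constructed.

```python
import posixpath
import re
from urllib.parse import unquote

# Reset path from the advisory, lowercased for comparison.
RESET_PATH = "/configwizard/changepwd.esp"
# Assumption: hosts that are expected to manage the device.
ADMIN_SOURCES = {"10.0.0.5"}
# Assumption: the fronting proxy logs in Common Log Format.
CLF = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')

def normalize_path(target):
    """Drop the query, undo (double) percent-encoding, collapse '//' and './'."""
    path = target.split("?", 1)[0]
    for _ in range(2):
        path = unquote(path)
    path = re.sub(r"/+", "/", path)
    return posixpath.normpath(path).lower()

def find_reset_requests(lines, admin_sources=ADMIN_SOURCES):
    """Return (timestamp, source, raw target, status) for each request to the
    reset path from a source outside the allowlist. An access log does not
    record whether a session was authenticated, so source address is the
    only discriminator used here."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m or normalize_path(m["target"]) != RESET_PATH:
            continue
        if m["ip"] in admin_sources:
            continue
        hits.append((m["ts"], m["ip"], m["target"], int(m["status"])))
    return hits

# Constructed sample input (documentation address ranges).
SAMPLE_LOG = """\
10.0.0.5 - - [16/Aug/2018:09:00:01 +0000] "GET /ConfigWizard/ChangePwd.esp?2admin HTTP/1.1" 200 512
192.0.2.44 - - [16/Aug/2018:09:02:13 +0000] "GET / HTTP/1.1" 200 2048
192.0.2.44 - - [16/Aug/2018:09:02:15 +0000] "GET /ConfigWizard/ChangePwd.esp?2admin HTTP/1.1" 200 512
198.51.100.7 - - [16/Aug/2018:09:05:40 +0000] "GET /configwizard/%43hangePwd.esp?2admin HTTP/1.1" 200 512
""".splitlines()

if __name__ == "__main__":
    for ts, ip, target, status in find_reset_requests(SAMPLE_LOG):
        print(f"{ts} {ip} -> {target} ({status})")
```

Any hit warrants checking whether the device still accepts the “admin”/“admin” login described above, and restricting the management interface to trusted networks.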