Improper access control on the LocalMACConfig.asp interface allows an unauthenticated remote attacker to add (or remove) client MAC addresses to (or from) a list of banned hosts. Clients with those MAC addresses are then prevented from accessing either the WAN or the router itself.
CPE | Name | Operator | Version |
---|---|---|---|
k2_firmware | le | 22.5.9.163 | |
k2g_firmware | le | 22.6.3.20 | |
k2p_firmware | le | 20.4.1.7 | |
k3_firmware | le | 21.5.37.246 | |
k3c_firmware | le | 32.1.15.93 |