Design/Logic Flaw

2024-01-0710:15:00

PRIOn knowledge base

www.prio-n.com

uniway router

administrative web interface

vulnerability

critical

remote attack

ip address authentication

exploit disclosure

vdb-249766

vendor non-response

7.1 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.1%

JSON

A vulnerability was found in Uniway Router 2.0. It has been declared as critical. This vulnerability affects unknown code of the component Administrative Web Interface. The manipulation leads to reliance on ip address for authentication. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-249766 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CPENameOperatorVersion
uw-101x_firmwarele2.0
uw-301vpw_firmwarele2.0
uw-302vp_firmwarele2.0
uw-311vpw_firmwarele2.0
uw-323dac_firmwarele2.0

Name	Operator	Version
uw-101x_firmware	le	2.0
uw-301vpw_firmware	le	2.0
uw-302vp_firmware	le	2.0
uw-311vpw_firmware	le	2.0
uw-323dac_firmware	le	2.0

References

drive.google.com/file/d/11thSuALGcn0C_9tbmYu8_QzTXtBnCoNS/view?usp=sharing

vuldb.com/?ctiid.249766

vuldb.com/?id.249766