KZTech / JatonTec / Neotel JT3500V 4G LTE CPE 2.0.1 - Hard coded Credentials Shell Access

Exploit Title: KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Hard coded Credentials Shell Access Exploit Author: LiquidWorm Vendor Homepage: http://www.kzbtech.com http://www.jatontec.com https://www.neotel.mk Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology, Ltd. Product web page:...

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Weak Default WiFi Password Algorithm

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Weak Default WiFi Password Algorithm Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology, Ltd. Product web page: http://www.kzbtech.com | http://www.jatontec.com | https://www.neotel.mk http://www.jatontec.com/products/show.php?itemid=258...

KZTech / JatonTec / Neotel JT3500V 4G LTE CPE 2.0.1 - Device Reboot (Unauthenticated) Vulnerability

Exploit Title: KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Device Reboot Unauthenticated Exploit Author: LiquidWorm Vendor Homepage: http://www.kzbtech.com http://www.jatontec.com https://www.neotel.mk Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology, Ltd. Product web page:...

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Insufficient Session Expiration

Summary JT3500V is a most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Hard-coded Credentials Shell Access

Summary JT3500V is a most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...

Design/Logic Flaw

Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgwv1.02.0014 4.20 have cleartext credentials in /mib.db...

CVE-2017-6531

On Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgwv1.02.0014 4.20, the backup/restore feature lacks access control, related to ReadFile.cgi and LoadCfgFile...

CVE-2017-6532

Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgwv1.02.0014 4.20 have cleartext credentials in /mib.db...

CVE-2017-6530

Televes COAXDATA GATEWAY 1Gbps devices (firmware referenced as doc-wifi-hgw_v1.02.0014 4.20) are affected by CVE-2017-6530 due to missing authorization on password change functionality (password.shtml), allowing arbitrary administrator password changes. Multiple sources (NVD/CNVD) describe this v...

CVE-2017-6532

CVE-2017-6532 affects Televes COAXDATA GATEWAY 1Gbps devices (documented as Televes COAXDATA GATEWAY 1Gbps devices with firmware/build references). The vulnerability is described as cleartext credentials stored in /mib.db. CNVD-2017-18523 additionally notes a backup file disclosure that could exp...