10 matches found
CVE-2025-43980
An issue was discovered on FIRSTNUM JC21A-04 devices through 2.01ME/FN. They enable the SSH service by default with the credentials of root/admin. The GUI doesn't offer a way to disable the account...
CVE-2025-43979
An issue was discovered on FIRSTNUM JC21A-04 devices through 2.01ME/FN that allows authenticated attackers to execute arbitrary OS system commands with root privileges via crafted payloads to the xmlaction.cgi?method= endpoint...
PT-2025-31947 · Firstnum · Firstnum Jc21A-04
Name of the Vulnerable Software and Affected Versions: FIRSTNUM JC21A-04 devices versions through 2.01ME/FN Description: FIRSTNUM JC21A-04 devices enable the SSH service by default with the credentials root/admin. The graphical user interface GUI does not provide a method to disable this account...
CVE-2025-43980
An issue was discovered on FIRSTNUM JC21A-04 devices through 2.01ME/FN. They enable the SSH service by default with the credentials of root/admin. The GUI doesn't offer a way to disable the account...
CVE-2025-43980
The CVE pertains to FIRSTNUM JC21A-04 devices (versions through 2.01ME/FN). The issue is that SSH is enabled by default and authenticates with root/admin credentials, and the GUI provides no way to disable this account. This creates an environment where remote access could be gained under default...
FIRSTNUM JC21A-04 安全漏洞
The FIRSTNUM JC21A-04 is a router from the Chinese company FIRSTNUM. A security vulnerability exists in the FIRSTNUM JC21A-04 version 2.01ME/FN and earlier, which originates from an arbitrary system command that can be executed via the xmlaction.cgi endpoint...
CVE-2025-43979
An issue was discovered on FIRSTNUM JC21A-04 devices through 2.01ME/FN that allows authenticated attackers to execute arbitrary OS system commands with root privileges via crafted payloads to the xmlaction.cgi?method= endpoint...
CVE-2025-43979
An issue was discovered on FIRSTNUM JC21A-04 devices through 2.01ME/FN that allows authenticated attackers to execute arbitrary OS system commands with root privileges via crafted payloads to the xmlaction.cgi?method= endpoint...
CVE-2025-43979
Affected product: FIRSTNUM JC21A-04 devices (firmware up to 2.01ME/FN). Vulnerable component: xml_action.cgi?method= endpoint, where crafted payloads allow authenticated users to execute arbitrary OS commands with root privileges. This is a remote code execution issue (network attack vector) with...
PT-2025-31941 · Firstnum · Firstnum Jc21A-04
Name of the Vulnerable Software and Affected Versions: FIRSTNUM JC21A-04 devices versions through 2.01ME/FN Description: An issue allows authenticated attackers to execute arbitrary OS system commands with root privileges via crafted payloads to the xml action.cgi?method= endpoint. Recommendation...