CVE-2020-35758

An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a Authentication Bypass in the Web Interface. This interface does not properly restrict access to internal functionality. Despite presenting a password login page on first access, authentication is not required to access...

CVE-2020-35756

An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luciservice GETPASS Configuration Password Information Leak. The luciservice daemon running on port 7777 does not require authentication to return the device configuration password in cleartext when using the GETPASS...

CVE-2020-35758

An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a Authentication Bypass in the Web Interface. This interface does not properly restrict access to internal functionality. Despite presenting a password login page on first access, authentication is not required to access...

CVE-2020-35757

An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is Unauthenticated Root ADB Access Over TCP. The LS9 web interface provides functionality to access ADB over TCP. This is not enabled by default, but can be enabled by sending a crafted request to a web management interface...

CVE-2020-35757

An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is Unauthenticated Root ADB Access Over TCP. The LS9 web interface provides functionality to access ADB over TCP. This is not enabled by default, but can be enabled by sending a crafted request to a web management interface...

CVE-2020-35755

An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luciservice Read NVRAM Direct Access Information Leak. The luciservice deamon running on port 7777 provides a sub-category of commands for which Read is prepended. Commands in this category are able to directly read the...

Authentication flaw

An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a Authentication Bypass in the Web Interface. This interface does not properly restrict access to internal functionality. Despite presenting a password login page on first access, authentication is not required to access...

Design/Logic Flaw

An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luciservice GETPASS Configuration Password Information Leak. The luciservice daemon running on port 7777 does not require authentication to return the device configuration password in cleartext when using the GETPASS...

Design/Logic Flaw

An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luciservice Read NVRAM Direct Access Information Leak. The luciservice deamon running on port 7777 provides a sub-category of commands for which Read is prepended. Commands in this category are able to directly read the...

CVE-2020-35758

An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a Authentication Bypass in the Web Interface. This interface does not properly restrict access to internal functionality. Despite presenting a password login page on first access, authentication is not required to access...

CVE-2020-35757

An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is Unauthenticated Root ADB Access Over TCP. The LS9 web interface provides functionality to access ADB over TCP. This is not enabled by default, but can be enabled by sending a crafted request to a web management interface...

CVE-2020-35756

An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luciservice GETPASS Configuration Password Information Leak. The luciservice daemon running on port 7777 does not require authentication to return the device configuration password in cleartext when using the GETPASS...

Libre Wireless LS9 访问控制错误漏洞

Libre Wireless LS9 is a network device from Libre Wireless, Inc. Libre Wireless LS9 LS1.5/p7040 devices. an access control error vulnerability exists that stems from the luci service daemon running on port 7777 providing a subclass of commands with the Read prefix. Such commands can directly read...

Libre Wireless LS9 授权问题漏洞

The Libre Wireless LS9 is a networking device from Libre Wireless USA. A security vulnerability exists in the Libre Wireless LS9 LS1.5/p7040 devices that stems from the presence of an authentication bypass in the web interface that does not properly restrict access to internal functions...

Libre Wireless 访问控制错误漏洞

The Libre Wireless LS9 is a networking device from Libre Wireless USA. A security vulnerability exists in the Libre Wireless LS9 LS1.5/p7040 devices that stems from having Unauthenticated Root ADB Access Over TCP.The web interface of the LS9 provides access to ADB over TCP...

Libre Wireless 访问控制错误漏洞

The Libre Wireless LS9 is a networking device from Libre Wireless, Inc. A security vulnerability exists in the Libre Wireless LS9 LS1.5/p7040 devices. The vulnerability stems from a luci service daemon running on port 7777 returning the device configuration password in plaintext without...