5 matches found
CVE-2020-35758
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a Authentication Bypass in the Web Interface. This interface does not properly restrict access to internal functionality. Despite presenting a password login page on first access, authentication is not required to access...
CVE-2020-35755
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luciservice Read NVRAM Direct Access Information Leak. The luciservice deamon running on port 7777 provides a sub-category of commands for which Read is prepended. Commands in this category are able to directly read the...
CVE-2020-35758
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a Authentication Bypass in the Web Interface. This interface does not properly restrict access to internal functionality. Despite presenting a password login page on first access, authentication is not required to access...
CVE-2020-35758
The CVE-2020-35758 entry concerns Libre Wireless LS9 LS1.5/p7040 devices with a web interface authentication bypass. The issue allows unauthenticated access to privileged APIs because access restrictions on internal functionality are not properly enforced, despite a login page appearing. Document...
CVE-2020-35757
CVE-2020-35757 affects Libre Wireless LS9 LS1.5/p7040 devices. The issue is unauthenticated root ADB access over TCP via the LS9 web interface: the web management endpoint can be enabled by a crafted request, and requests to this endpoint do not require authentication, allowing any unauthenticate...