35 matches found
WyreStorm Apollo VX20 - Information Disclosure
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext credentials for the SoftAP access point Router /device/config using an HTTP GET request. id: CVE-2024-25735 info: name: WyreStorm Apollo VX20 - Information Disclosure author: johnk3r...
CVE-2024-25734
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. The TELNET service prompts for a password only after a valid username is entered, which might make it easier for remote attackers to enumerate user accounts...
CVE-2024-25736
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can restart the device via a /device/reboot GET request...
CVE-2024-25735
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext passwords via a SoftAP /device/config GET request...
CVE-2024-25736
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can restart the device via a /device/reboot GET request...
CVE-2024-25735
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext passwords via a SoftAP /device/config GET request...
CVE-2024-25734
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. The TELNET service prompts for a password only after a valid username is entered, which might make it easier for remote attackers to enumerate user accounts...
CVE-2024-25734
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. The TELNET service prompts for a password only after a valid username is entered, which might make it easier for remote attackers to enumerate user accounts...
CVE-2024-25736
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can restart the device via a /device/reboot GET request...
CVE-2024-25735
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext passwords via a SoftAP /device/config GET request...
CVE-2024-25734
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. The TELNET service prompts for a password only after a valid username is entered, which might make it easier for remote attackers to enumerate user accounts...
CVE-2024-25736
The CVE-2024-25736 entry affects WyreStorm Apollo VX20 devices prior to firmware version 1.3.58. The vulnerability allows remote attackers to restart the device by issuing a GET request to /device/reboot (Web interface/reboot and reset commands). Exploitation details in the sources describe an In...
CVE-2024-25736
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can restart the device via a /device/reboot GET request...
CVE-2024-25734
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. The TELNET service prompts for a password only after a valid username is entered, which might make it easier for remote attackers to enumerate user accounts...
CVE-2024-25736
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can restart the device via a /device/reboot GET request...
CVE-2024-25735
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext passwords via a SoftAP /device/config GET request...
CVE-2024-25735
WyreStorm Apollo VX20 devices prior to version 1.3.58 expose cleartext credentials via an HTTP GET on the SoftAP router endpoint /device/config. This is an information-disclosure/authentication- bypass issue affecting the web interface/config component; remote attackers can retrieve credentials w...
CVE-2024-25735
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext passwords via a SoftAP /device/config GET request...
CVE-2024-25734
CVE-2024-25734 affects WyreStorm Apollo VX20 devices prior to version 1.3.58. The Telnet service prompts for a password only after a valid username is entered, enabling remote attackers with Telnet access (port 23) to enumerate valid accounts, potentially enabling brute-force attacks on credentia...
PT-2024-21118 · Wyrestorm · Wyrestorm Apollo Vx20
Name of the Vulnerable Software and Affected Versions: WyreStorm Apollo VX20 versions prior to 1.3.58 Description: An issue allows remote attackers to restart the device via a "/device/reboot" GET request. Recommendations: For versions prior to 1.3.58, update to version 1.3.58 or later to resolve...