vendor:
eWon Flexy
by:
Photubias
7.5
CVSS
HIGH
Authentication Bypass
287
CWE
Product Name: eWon Flexy
Affected Version From: eWon Firmware 12.2
Affected Version To: eWon Firmware 13.0
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Platforms Tested: eWon Flexy with Firmware 13.0s0
2018
eWON v13.0 Authentication Bypass
This script will perform retrieval of clear text credentials for an eWON Flexy router. It combines two vulnerabilities: authentication bypass (fixed in 13.1s0) and a weak password encryption, allowing cleartext password retrievel for all users (fixed in 13.3s0)
Mitigation:
Upgrade to eWon Firmware 13.1s0 or higher
