Vulnerability Details CVE-2020-26201
Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak password at the Operating System (rlx-linux) level. This allows an attacker to gain unauthorized access as an admin or root user to the device Operating System via Telnet or SSH.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- https://medium.com/csg-govtech/bolstering-security-how-i-breached-a-wifi-mesh-access-point-from-close-proximity-to-uncover-f8f77dc3cd5d
- https://www.askey.com.tw/
- https://www.askey.com.tw/incident_report_notifications.html
- https://medium.com/csg-govtech/bolstering-security-how-i-breached-a-wifi-mesh-access-point-from-close-proximity-to-uncover-f8f77dc3cd5d
- https://www.askey.com.tw/
- https://www.askey.com.tw/incident_report_notifications.html
Products affected by CVE-2020-26201
-
cpe:2.3:h:askey:ap5100w:-
-
cpe:2.3:o:askey:ap5100w_firmware:-
-
cpe:2.3:o:askey:ap5100w_firmware:1.01.097