Improper access control on the LocalClientList.asp interface allows an unauthenticated remote attacker to obtain sensitive information concerning devices on the local area network, including IP and MAC addresses. Improper access control on the wirelesssetup.asp interface allows an unauthenticated remote attacker to obtain the WPA passphrases for the 2.4GHz and 5.0GHz wireless networks. This is particularly dangerous given that the K2G setup wizard presents the user with the option of using the same password for the 2.4Ghz network and the administrative interface, by clicking a checkbox. When Remote Managment is enabled, these endpoints are exposed to the WAN.
References
Link | Resource |
---|---|
https://www.tenable.com/security/research/tra-2022-01 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: tenable
Published: 2022-03-07T21:47:00
Updated: 2022-03-07T21:47:00
Reserved: 2022-02-15T00:00:00
Link: CVE-2022-25214
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-03-10T17:47:01.153
Modified: 2023-08-08T14:21:49.707
Link: CVE-2022-25214
JSON object: View
Redhat Information
No data.
CWE