Credential disclosure in the /webs/userpasswd.htm endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.4 and V1.0.5 allows an authenticated attacker to leak the password for the administrative account via requests to the vulnerable endpoint.
The product identifies an error condition and creates its own diagnostic or error messages that contain sensitive information.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Rx4-1500_firmware | Juplink | 1.0.4 (including) | 1.0.4 (including) |
Rx4-1500_firmware | Juplink | 1.0.5 (including) | 1.0.5 (including) |