Unauthenticated Remote Password Reset Vulnerability in Wi2be SMART HP WMT R1.2.20_201400922

Unauthenticated Remote Password Reset Vulnerability in Wi2be SMART HP WMT R1.2.20_201400922

CVE-2018-14078 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to reset the admin password via the /ConfigWizard/ChangePwd.esp?2admin URL (Attackers can login using the "admin" username with password "admin" after a successful attack).

Learn more about our User Device Pen Test.