Vulnerability: Privilege Escalation via Weak Default Password and Cookie Manipulation

Vulnerability: Privilege Escalation via Weak Default Password and Cookie Manipulation

CVE-2018-9112 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

A low privileged admin account with a weak default password of admin exists on the Foxconn FEMTO AP-FC4064-T AP_GT_B38_5.8.3lb15-W47 LTE Build 15. In addition, its web management page relies on the existence or values of cookies when performing security-critical operations. One can gain privileges by modifying cookies.

Learn more about our Web App Pen Testing.