Credential Disclosure in Juplink RX4-1500 Wifi Router Firmware Versions V1.0.4 and V1.0.5

Credential Disclosure in Juplink RX4-1500 Wifi Router Firmware Versions V1.0.4 and V1.0.5

CVE-2023-41027 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Credential disclosure in the '/webs/userpasswd.htm' endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.4 and V1.0.5 allows an authenticated attacker to leak the password for the administrative account via requests to the vulnerable endpoint.

Learn more about our Web App Pen Testing.