
CVE-2022-47699

Product: CF-WR623N (http://www.comfast.com.cn/index.php?m=content&c=index&a=show&catid=98&id=13)

Vendor: COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd)

Firmware version: V2.3.0.1

Driver version: 4.1.0.0_CL15074

Vendor Fix: N/A

Root Cause: Improper client-side input checks resulting in password policy bypass

Description: The password policy is only implemented on the client side and can be bypassed to set no password or a password with a length >8


I realize that this is somewhat of a lame best practice vulnerability aimed at improving the overall security posture of the application and the users.
The application is not following its own security best practices. I understand that if somebody goes out of their way to put a shitty password, it's really their fault, but your policies should be applied consistently across the board to better improve the security posture of the application. As seen below, the frontend forces a 5-32 password.

image

Below we're going to be setting the password of the admin user to the single character k.

image

The password change worked because we're now able to auth as the admin user with the password k.
image
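
Server-side enforcement of the same 5-32 policy, as an added example that is not part of the original advisory or the vendor's firmware. The JSON request format, the `password` field name, the function names and counting the length in characters are all assumptions; only the 5 and 32 limits come from the frontend policy described above.

```python
import json

# Limits taken from the frontend policy described in the advisory (5-32).
MIN_LEN = 5
MAX_LEN = 32


def check_password_policy(password):
    """Return a list of policy violations; an empty list means acceptable."""
    if not isinstance(password, str):
        return ["password must be a string"]
    errors = []
    if len(password) < MIN_LEN:
        errors.append(f"password shorter than {MIN_LEN} characters")
    if len(password) > MAX_LEN:
        errors.append(f"password longer than {MAX_LEN} characters")
    return errors


def handle_password_change(raw_body, store):
    """Hypothetical server-side handler: validates before touching storage.

    raw_body is the request body exactly as received, so a request sent
    without the browser form is checked the same way as one sent by the form.
    Returns (http_status, message).
    """
    try:
        fields = json.loads(raw_body)
    except ValueError:  # covers malformed JSON and invalid UTF-8
        return 400, "malformed request body"
    if not isinstance(fields, dict) or "password" not in fields:
        return 400, "missing password field"
    errors = check_password_policy(fields["password"])
    if errors:
        return 422, "; ".join(errors)
    store["admin"] = fields["password"]  # a real device would store a salted hash
    return 200, "password updated"


if __name__ == "__main__":
    store = {"admin": "initial-password"}
    # Constructed request bodies, as if sent directly and not through the web form.
    for body in (b'{"password": "k"}', b'{"password": ""}', b'{}',
                 b'{"password": "correct-horse-9"}'):
        print(body, "->", handle_password_change(body, store))
```

The browser-side check can stay for usability, but the stored password only changes when the handler itself accepts the value.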