Skip to content

Latest commit

 

History

History
21 lines (11 loc) · 729 Bytes

Add_user_vulnerability.md

File metadata and controls

21 lines (11 loc) · 729 Bytes

Add user vulnerability

Description

There is a vulnerability in the add_user function within the system module, as it does not effectively filter the username. This allows for the creation of a root account and subsequently enables privilege escalation.

Affected Product

A1300 /AX1800 /AXT1800 /MT3000 /MT2500 /MT6000 /MT1300 /MT300N-V2 /AR750S /AR750 /AR300M /B1300

Affected Firmware Version

4.3.7/4.4.6/4.5.0 Affected, fixed in 4.5.0

Exploit

Attackers calls the add_user interface within the system module to obtain root privileges.

Impact

Attackers can use the vulnerability to escalate their privileges and gain root access, thus executing operations that may compromise the security of the system.