1 results (0.006 seconds)
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-35572
https://notcve.org/view.php?id=CVE-2022-35572
12 Sep 2022 — On Linksys E5350 WiFi Router with firmware version 1.0.00.037 and lower, (and potentially other vendors/devices due to code reuse), the /SysInfo.htm URI does not require a session ID. This web page calls a show_sysinfo function which retrieves WPA passwords, SSIDs, MAC Addresses, serial numbers, WPS Pins, and hardware/firmware versions, and prints this information into the web page. This web page is visible when remote management is enabled. A user who has access to the web interface of the device can extra... • https://willgu.es/?p=76 • CWE-306: Missing Authentication for Critical Function •