CVE-2020-12106

Severity CVSS v4.0:
Pending analysis
Type:
CWE-306 Missing Authentication for Critical Function
Publication date:
12/08/2020
Last modified:
21/07/2021

Description

The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows unauthenticated users to send HTTP POST request to several critical Administrative functions such as, changing credentials of the Administrator account or connect the product to a rogue access point.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:stengg:vpncrypt_m10_firmware:2.6.5:*:*:*:*:*:*:*
cpe:2.3:h:stengg:vpncrypt_m10:-:*:*:*:*:*:*:*