KZTech JT3500V 4G LTE CPE Session Management Vulnerability Allowing Credential Reuse

A session management vulnerability has been identified in the KZTech JT3500V 4G LTE CPE, specifically in version 2.0.1. This vulnerability allows attackers to reuse old session credentials due to inadequate session expiration. By exploiting this weak session handling, attackers can maintain unauthorized access and potentially compromise the device's authentication mechanisms.

Impact

Exploitation of this vulnerability can lead to unauthorized access by allowing attackers to reuse session credentials, bypassing security restrictions and potentially compromising the device's authentication processes.

Reproduction

The vulnerability can be reproduced by sending a request that includes an old session identifier. The device will accept the reused session ID, granting access as if the session were still valid. This can be done using standard web request tools or scripts that automate the process of sending HTTP requests with the appropriate cookies or session data.