Primary

Context

Iteaj iBoot IoT Gateway Password Manipulation Vulnerability in Admin Interface

Vulnerability

A vulnerability exists in the Iteaj iBoot IoT Gateway version 1.1.3, specifically within the Admin Password Handler component. The issue arises in the '/core/admin/pwd' file, where improper access controls allow low-privileged users to change passwords for administrators or other users. This vulnerability can be exploited remotely, leading to unauthorized access.

Impact

Exploitation of this vulnerability allows low-privileged users to gain administrative access by changing the admin password.

Reproduction

To reproduce this vulnerability, send a POST request to the '/core/admin/pwd' endpoint with a payload that includes the 'id' parameter set to a target user's ID and the 'password' and 'surePassword' fields set to the new password. This request must include a valid session cookie for authentication. Once the password is changed, log in with the new credentials to access the admin account.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

8.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

8.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Iteaj iBoot IoT Gateway Password Manipulation Vulnerability in Admin Interface

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating