UTT 进取 750W Unverified Password Change Vulnerability in Administrator Password Handler
Vulnerability
A critical vulnerability allowing unverified password changes has been identified in the UTT 进取 750W router, specifically in versions through 5.0. This issue arises in the Administrator Password Handler component, within the formDefineManagement function of the /goform/setSysAdm file. The vulnerability can be exploited remotely, without any authentication, by manipulating the passwd1 parameter to change the administrator password. The exploitation is facilitated by a system call that updates the password, bypassing any verification of the original password.
Impact
Exploitation of this vulnerability allows for unauthorized changes to the administrator password, leading to unauthorized access and control over the router's administrative privileges.
Reproduction
To reproduce this vulnerability, send a request to the /goform/setSysAdm endpoint with a crafted passwd1 parameter that specifies the desired new password. The request can be made without authentication, and the router will accept the password change without verifying the original password.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.