Fastweb FASTGate 1.0.1b Information Exposure Vulnerability

Summary

Fastweb FASTGate 1.0.1b devices allow partial authentication bypass by changing a certain check_pwd return value from 0 to 1. 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Credit:

The information has been provided by Vendor

The original article can be found at:https://angeloanatrella86.github.io/CVE-2019/

 


Details

An attack does not achieve administrative control of a device; however, the attacker can view all of the web pages of the administration console.

 

Vulnerable Systems:

Fastweb FASTGate 1.0.1b 

 

CVE Information:

CVE-2019-18661

 

Disclosure Timeline:
Published Date: 11/01/2019