Askey Ap5100W Firmware vulnerabilities
3 known vulnerabilities affecting askey/ap5100w_firmware.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2020-15357P2CRITICALCVSS 9.8≤ 1.01.0972020-12-11
CVE-2020-15357 [CRITICAL] CWE-78 CVE-2020-15357: Network Analysis functionality in Askey AP5100W_Dual_SIG_1.01.097 and all prior versions allows remo
Network Analysis functionality in Askey AP5100W_Dual_SIG_1.01.097 and all prior versions allows remote attackers to execute arbitrary commands via a shell metacharacter in the ping, traceroute, or route options.
nvd
CVE-2020-26201P2CRITICALCVSS 9.8≤ 1.01.0972020-12-10
CVE-2020-26201 [CRITICAL] CWE-521 CVE-2020-26201: Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak password at the Operating System (
Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak password at the Operating System (rlx-linux) level. This allows an attacker to gain unauthorized access as an admin or root user to the device Operating System via Telnet or SSH.
nvd
CVE-2020-15023P4MEDIUMCVSS 5.9≤ 1.01.0972020-12-11
CVE-2020-15023 [MEDIUM] CWE-330 CVE-2020-15023: Askey AP5100W devices through AP5100W_Dual_SIG_1.01.097 are affected by WPS PIN offline brute-force
Askey AP5100W devices through AP5100W_Dual_SIG_1.01.097 are affected by WPS PIN offline brute-force cracking. This arises because of issues with the random number selection for the Diffie-Hellman exchange. By capturing an attempted (and even failed) WPS authentication attempt, it is possible to brute force the overall authentication exchange. This al
nvd