Vulnerability Description
Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak password at the Operating System (rlx-linux) level. This allows an attacker to gain unauthorized access as an admin or root user to the device Operating System via Telnet or SSH.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Askey | Ap5100W Firmware | <= 1.01.097 |
| Askey | Ap5100W | - |
Related Weaknesses (CWE)
References
- https://medium.com/csg-govtech/bolstering-security-how-i-breached-a-wifi-mesh-acExploitThird Party Advisory
- https://www.askey.com.tw/Vendor Advisory
- https://www.askey.com.tw/incident_report_notifications.htmlBroken LinkVendor Advisory
- https://medium.com/csg-govtech/bolstering-security-how-i-breached-a-wifi-mesh-acExploitThird Party Advisory
- https://www.askey.com.tw/Vendor Advisory
- https://www.askey.com.tw/incident_report_notifications.htmlBroken LinkVendor Advisory
FAQ
What is CVE-2020-26201?
CVE-2020-26201 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak password at the Operating System (rlx-linux) level. This allows an attacker to gain unauthorized access as an admin or root user to th...
How severe is CVE-2020-26201?
CVE-2020-26201 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-26201?
Check the references section above for vendor advisories and patch information. Affected products include: Askey Ap5100W Firmware, Askey Ap5100W.