VYPR

AP5100W

by ASKEY

CVEs (3)

  • CVE-2020-15357CriDec 11, 2020
    risk 0.64cvss 9.8epss 0.04

    Network Analysis functionality in Askey AP5100W_Dual_SIG_1.01.097 and all prior versions allows remote attackers to execute arbitrary commands via a shell metacharacter in the ping, traceroute, or route options.

  • CVE-2020-26201CriDec 10, 2020
    risk 0.64cvss 9.8epss 0.02

    Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak password at the Operating System (rlx-linux) level. This allows an attacker to gain unauthorized access as an admin or root user to the device Operating System via Telnet or SSH.

  • CVE-2020-15023MedDec 11, 2020
    risk 0.38cvss 5.9epss 0.02

    Askey AP5100W devices through AP5100W_Dual_SIG_1.01.097 are affected by WPS PIN offline brute-force cracking. This arises because of issues with the random number selection for the Diffie-Hellman exchange. By capturing an attempted (and even failed) WPS authentication attempt,…