Title: PLC Wireless Router GPN2.4P21-C-CN - Incorrect Access Control EDB-ID: 46580 CVE: 2019-6279 Author: Kumar Saurav Type: WEBAPPS Platform: HARDWARE Date: 2019-03-20 Vulnerable App: ChinaMobile PLC Wireless Router GPN2.4P21-C-CN (Firmware: W2001EN-00) Description ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices running firmware W2001EN-00 are affected by an Incorrect Access Control vulnerability via the URI. This allows an attacker to modify the wireless security password without proper authentication. Reproduction Steps 1. Create a malicious HTML web page. 2. Attackers can change the wireless security (WPA/WPA2) key by submitting a specific password. 3. Use the following form to deliver the exploit: 4. Save the file as . 5. Deploy the malicious web page; it will be accessible to any user connected to the AP. 6. Upon execution, the wireless security key will be changed. Note This vulnerability enables an attacker to exploit the issue without requiring login credentials. Tags Authentication Bypass / Credentials Bypass (AB/CB)