An issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the device via the change password functionality as it does not prompt for the current password.
The password change function in Connectize AC21000 G6 firmware version 641.139.1.1256 does not verify user identity by requiring entry of the current password before changing it. An attacker can send a password change request without knowing the current administrative password, resulting in full control takeover of the device. The vulnerability is classified as improper authorization (CWE-863), as the system does not enforce proper access control for critical operations.
An attacker can gain full administrative control over the router by changing the access password without knowing the current authentication credentials. Consequences may include loss of access by the legitimate administrator, modification of network configuration, and potential exposure of the entire network infrastructure served by the device.
Apply patches available from the manufacturer according to the references. Additionally, it is recommended to restrict access to the device's administrative panel exclusively to trusted IP addresses and isolate the management interface from the public network.
Connectize AC21000 G6 with firmware version 641.139.1.1256
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HConnectize Ac21000 G6
HWConnectizewszystkie wersjeConnectize Ac21000 G6 Firmware
OSConnectize641.139.1.1256
Related vulnerabilities
Privilege escalation w routerze Connectize AC21000 G6 — słabe zarządzanie poświadczeniami
Brak ograniczenia liczby prób po stronie klienta w Connectize AC21000 G6
Cross Site Request Forgery (CSRF) vulnerability in Connectize AC21000 G6 641.139.1.1256 allows attackers to ga...
An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary commands via...
An Insecure Credential Management issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to...