CVE-2018-9112
CRITICALFoxconn AP-FC4064-T Firmware - Use of Hard-coded Credentials and Privilege Escalation via Cookie Manipulation
Title source: llmDescription
A low privileged admin account with a weak default password of admin exists on the Foxconn FEMTO AP-FC4064-T AP_GT_B38_5.8.3lb15-W47 LTE Build 15. In addition, its web management page relies on the existence or values of cookies when performing security-critical operations. One can gain privileges by modifying cookies.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://gist.github.com/ChuanYuan-Huang/a92b8b32980123d5fa9bf5a8299114bf
Scores
CVSS v3
9.8
EPSS
0.0134
EPSS Percentile
67.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-798
Status
published
Products (1)
foxconn/ap-fc4064-t_firmware
ap_gt_b38_5.8.3lb15-w47_lte
Published
May 10, 2018
Tracked Since
Feb 18, 2026