CVE-2019-1010136

HIGH

ChinaMobile GPN2.4P21-C-CN W2001EN-00 - Unauthenticated RCE

Title source: llm

Description

ChinaMobile GPN2.4P21-C-CN W2001EN-00 is affected by: Incorrect Access Control - Unauthenticated Remote Reboot. The impact is: PLC Wireless Router's are vulnerable to an unauthenticated remote reboot due. The component is: Reboot settings are available to unauthenticated users instead of only authenticaed users. The attack vector is: Remote.

Exploits (1)

exploitdb WORKING POC

by Chris Rose · pythondoshardware

https://www.exploit-db.com/exploits/45187

View Code ZIP pw:eip

References (2)

[Permissions Required] https://www.shodan.io/search?query=title%3APLC++pstVal-%3Evalue%3Ahtml%2Findex.html

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/45187/

Scores

CVSS v3 7.5

EPSS 0.0103

EPSS Percentile 77.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-306

Status published

Products (1)

chinamobileltd/gpn2.4p21-c-cn_firmware w2001en-00

Published Jul 19, 2019

Tracked Since Feb 18, 2026