CVE-2020-12106
CRITICALVPNCrypt M10 2.6.5 - Unauthenticated Administrative Function Access via Web Portal
Title source: llmDescription
The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows unauthenticated users to send HTTP POST request to several critical Administrative functions such as, changing credentials of the Administrator account or connect the product to a rogue access point.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://www.stengg.com/cybersecurity
Third Party Advisory x_refsource_misc
https://www.stengg.com/media/1076253/vpncrypt-m10-cve-advisory-notice.pdf
Scores
CVSS v3
9.8
EPSS
0.0140
EPSS Percentile
69.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-306
Status
published
Products (1)
stengg/vpncrypt_m10_firmware
2.6.5
Published
Aug 12, 2020
Tracked Since
Feb 18, 2026