CVE-2020-26201

CRITICAL

Askey AP5100W_Dual_SIG_1.01.097 - Privilege Escalation

Title source: llm

Description

Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak password at the Operating System (rlx-linux) level. This allows an attacker to gain unauthorized access as an admin or root user to the device Operating System via Telnet or SSH.

References (3)

[Vendor Advisory] https://www.askey.com.tw/

[Broken Link, Vendor Advisory] https://www.askey.com.tw/incident_report_notifications.html

[Exploit, Third Party Advisory] https://medium.com/csg-govtech/bolstering-security-how-i-breached-a-wifi-mesh-access-point-from-close-proximity-to-uncover-f8f77dc3cd5d

Scores

CVSS v3 9.8

EPSS 0.0066

EPSS Percentile 71.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-521

Status published

Products (1)

askey/ap5100w_firmware < 1.01.097

Published Dec 10, 2020

Tracked Since Feb 18, 2026