CVE-2022-34767

MEDIUM

ALLNET WR0500AC Firmware - Unauthenticated Authorization Bypass via wizardpwd.asp

Title source: llm

Description

The "wizardpwd.asp" web page on the ALLNET router model WR0500AC is prone to an authorization bypass vulnerability: the password, located at "admin", allows changing the http[s]://wizardpwd.asp/cgi-bin. The page does not validate the user's identity and can be accessed publicly.

References (1)

Core References
Third Party Advisory x_refsource_misc
https://www.gov.il/en/Departments/faq/cve_advisories

Scores

CVSS v3 5.9
EPSS 0.0052
EPSS Percentile 39.9%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Details

CWE
CWE-306
Status published
Products (1)
allnet/all-wr0500ac_firmware
Published Jul 21, 2022
Tracked Since Feb 18, 2026