Description
Aztech WMB250AC Mesh Routers Firmware Version 016 2020 devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary commands with administrator privileges by leveraging an existing web portal login.
Exploits (1)
References (1)
Core 1
Core References
Exploit, Third Party Advisory
https://github.com/ethancunt/CVE-2022-45600
Scores
CVSS v3
8.8
EPSS
0.4180
EPSS Percentile
97.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-77
Status
published
Products (1)
aztech/wmb250ac_firmware
016_2020
Published
Feb 22, 2023
Tracked Since
Feb 18, 2026