CVE-2024-42657

HIGH

Wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-42657. PoCs published by baroi-ai.

AI-analyzed exploit summary The repository describes CVE-2024-42657, an information leakage vulnerability in the wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 due to unencrypted HTTP transmission of login credentials. The writeup provides technical details about the vulnerability, its impact, and remediation steps.

Description

An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain sensitive information via the lack of encryption during login process

Exploits (1)

nomisec WRITEUP

by baroi-ai · poc

https://github.com/baroi-ai/CVE-2024-42657

View Code ZIP pw:eip

The repository describes CVE-2024-42657, an information leakage vulnerability in the wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 due to unencrypted HTTP transmission of login credentials. The writeup provides technical details about the vulnerability, its impact, and remediation steps.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0

No auth needed

Prerequisites: Network access to intercept traffic

MITRE ATT&CK

T1557 - Adversary-in-the-Middle

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory

https://github.com/sudo-subho/CVE-2024-42657

Third Party Advisory

https://www.linkedin.com/in/subhodeep-baroi-397629252/

Permissions Required

https://x.com/sudo_subho

Scores

CVSS v3 7.5

EPSS 0.0048

EPSS Percentile 37.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-200 CWE-311

Status published

Products (1)

nepstech/ntpl-xpon1gfevn_firmware 1.0

Published Aug 19, 2024

Tracked Since Feb 18, 2026