The web management interface on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 has a default password of admin for the admin account and a default password of password for the medialink account, which allows remote attackers to obtain administrative privileges by leveraging a Wi-Fi session.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-255,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mediabridge | medialink_mwn-wapr300n_firmware | * |
Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attackers to obtain administrative access via a certain admin substring in an HTTP Cookie header.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mediabridge | medialink_mwn-wapr300n_firmware | * |
| tenda | n3_wireless_n150 | * |
Cross-site request forgery (CSRF) vulnerability on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 allows remote attackers to hijack the authentication of arbitrary users.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mediabridge | medialink_mwn-wapr300n_firmware | * |