IP-COM Multi-WAN Hotspot Router (M50) Vulnerability
IP-COM Multi-WAN Hotspot Router (M50) allow unauthenticated remote attackers to access the configuration file and consequently bypass authentication by directly requesting either http://xxx.yyy.zzz.qqq/cgi-bin/DownloadCfg/RouterCfm.cfg or http://xxx.yyy.zzz.qqq/cgi-bin/DownloadCfg/switch.cfg. The configuration file contains the administrator password encoded in Base64. A remote attacker can easily decode the administrator password, set up a VPN server, infiltrate the victim's network, and alter DNS records to manipulate requests, redirecting users to malicious sites. Model: Multi-WAN Hotspot Router M50 Version: V15.01.0.5(3076_839) Cumhur Kizilari