CVE-2023-41027 Information

Description

Credential disclosure in the ‘/webs/userpasswd.htm’ endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.4 and V1.0.5 allows an authenticated attacker to leak the password for the administrative account via requests to the vulnerable endpoint.

Reference

https://blog.exodusintel.com/2023/09/18/juplink-rx4-1500-credential-disclosure-vulnerability/