KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 allows
unauthenticated attackers to visit the unprotected
/goform/LoadDefaultSettings endpoint and reset the device to its
factory default settings. Once the GET request is made, the device
will reboot with its default settings allowing the attacker to
bypass authentication and take full control of the system.
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 allows
unauthenticated attackers to visit the unprotected
/goform/LoadDefaultSettings endpoint and reset the device to its
factory default settings. Once the GET request is made, the device
will reboot with its default settings allowing the attacker to
bypass authentication and take full control of the system.
Read more https://packetstormsecurity.com/files/161888/ZSL-2021-5642.txt
