The So Wifi hotspot web interface is vulnerable to an open redirect attack. The web application fails to properly sanitize untrusted input, thus allowing remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL.

Product Affected: So Wifi hotspot

Version Affected: Firmware version 137

Vulnerability Description: The So Wifi hotspot web interface is vulnerable to an open redirect attack. The web application fails to properly sanitize untrusted input, thus allowing remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL.

Remediation: This issue has been addressed since firmware version 140. The input is validated against a list of trusted URLs.

CVSS Score: 7.4

Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

Acknowledgments: Emmanouil Angelakis of NeuroSoft S.A. (Redyops Team).
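
The So Wifi remediation above validates the redirect input against a list of trusted URLs. One way such a check can look, as an added Python example that is not the vendor's code; the origins in `TRUSTED_ORIGINS`, the `FALLBACK` path and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: hypothetical trusted origins as (scheme, host, port).
TRUSTED_ORIGINS = {
    ("https", "portal.example.com", 443),
    ("https", "login.example.com", 443),
}
DEFAULT_PORTS = {"http": 80, "https": 443}
FALLBACK = "/"  # hypothetical safe landing page used when validation fails


def is_trusted_redirect(target: str) -> bool:
    """Return True only if target is an absolute URL on an allowlisted origin."""
    if not target or target != target.strip():
        return False
    # Browsers treat "\" like "/" and drop tab/newline; reject rather than guess.
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return False
    try:
        parts = urlsplit(target)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        return False  # rejects javascript:, data: and scheme-relative //host
    if parts.username is not None or parts.password is not None:
        return False  # rejects https://portal.example.com@other.example/
    host = parts.hostname or ""  # hostname is already lower-cased by urlsplit
    if port is None:
        port = DEFAULT_PORTS[scheme]
    # Exact origin match: no prefix, suffix or substring comparison.
    return (scheme, host, port) in TRUSTED_ORIGINS


def safe_redirect_target(target: str) -> str:
    """Use the requested target if trusted, otherwise the fixed fallback."""
    return target if is_trusted_redirect(target) else FALLBACK
```

Comparing the parsed origin exactly, rather than checking whether the raw string starts with or contains a trusted name, is what keeps look-alike hosts and userinfo tricks from passing.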

An authentication bypass vulnerability in Juniper Networks Junos Space Network Management Platform may allow a remote unauthenticated network-based attacker to log in as any privileged user.

Product Affected: Junos Space Network Management Platform

Version Affected: Juniper JUNOS Space 17.1R1, Juniper JUNOS Space 16.1R1

Vulnerability Description: An authentication bypass vulnerability in Juniper Networks Junos Space Network Management Platform may allow a remote unauthenticated network-based attacker to log in as any privileged user.

Remediation: This issue only affects Junos Space Network Management Platform 17.1R1 without Patch v1 and 16.1 releases prior to 16.1R3.

CVSS Score: 9.8

Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference:

Acknowledgments: Ilias Polychroniadis of NeuroSoft S.A. (Redyops Team).