JT3500V is a most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high-speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth and multimedia data service in residential homes or enterprises. The device has 2 Gigabit LAN ports, 1 RJ11 analog phone port, high-performance 4x4 MIMO and CA capabilities, 802.11b/g/n/ac dual-band Wi-Fi, and advanced routing and firewall software for security. It provides an effective all-in-one solution to SOHO or residential customers. It can deliver up to 1Gbps max data throughput, which can be very competitive with wired broadband access service.
The application suffers from a privilege escalation vulnerability. The non-privileged default user (user:user123) can elevate their privileges by sending an HTTP GET request to the configuration export endpoint, which discloses the admin password. Once authenticated as admin, an attacker gains access to the additional, privileged pages.
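The flaw class described above (a configuration export that any authenticated role can call and that contains the admin credential), shown beside a hardened form. This is an added example, not code from the advisory or from the device firmware; the role model, function names, key names and sample configuration are all assumptions constructed for illustration.

```python
# Added illustration: hypothetical handler logic, not the JT3500V firmware.
from dataclasses import dataclass

SECRET_KEYS = ("password", "passwd", "secret", "psk", "key")  # assumed key naming


@dataclass(frozen=True)
class Session:
    username: str
    role: str  # "admin" or "user" (assumed role model)


# Constructed sample configuration; all values are placeholders.
SAMPLE_CONFIG = {
    "system": {"hostname": "cpe", "admin_password": "EXAMPLE-ADMIN-SECRET"},
    "wifi": {"ssid": "example-net", "psk": "EXAMPLE-PSK"},
    "lan": {"ip": "192.0.2.1"},
}


class Forbidden(Exception):
    """Raised when the caller's role may not export the configuration."""


def export_config_vulnerable(session, config):
    # The weakness: any authenticated session receives the full
    # configuration, admin credential included. No role check is made.
    return config


def redact(node):
    """Return a deep copy of the config with secret-looking values masked."""
    if isinstance(node, dict):
        return {k: "***" if any(s in k.lower() for s in SECRET_KEYS) else redact(v)
                for k, v in node.items()}
    if isinstance(node, list):
        return [redact(v) for v in node]
    return node


def export_config_hardened(session, config):
    # Authorization is enforced server-side on the export action itself,
    # and secrets are masked even for admins (defence in depth).
    if session is None or session.role != "admin":
        name = getattr(session, "username", "anonymous")
        raise Forbidden(f"{name} may not export the configuration")
    return redact(config)
```

Hiding the export link from the low-privilege user's pages is not a substitute for the role check: the check has to sit on the handler that serves the request.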