The management Permission Bypass Vulnerability exists on the N new routers under Baidu (routing control permission can be hijacked within the network segment)

The management Permission Bypass Vulnerability exists on the N new routers under Baidu (routing control permission can be hijacked within the network segment)

I do not know whether the route is Baidu or Lenovo.
This is what the two of you jointly created.

Problem route model name: New Route

Model: Y1

When I buy it back, the router system version is 1.6.8.8.

1.6.8.8 the test passed other tests

First, connect to the roommate's wifi Gateway: 192.168.99.1

Trying to log on with a weak password is fruitless

Just look at the Baidu account next to login

I tried to log on to a Baidu account that has not been logged on.
 

If you log on directly, you will be prompted that the current account is not bound to the route. You can bind a Baidu account to use extended applications, remote downloads, and other functions.

Click "bind" and enter the vro password.

Click anything to capture packets.
 

Then, set the display in the past to indicate a wrong password.
 

Ignore modifying it to {"status": 1 }.
 

Duang's voice ~ Log in. It's time to stop the roommates!
 

It looks like it's common-a few of them are coming in!

Solution:

Enhanced verification