A low-privileged account can escalate to administrator privileges on the FS AP-515 access point because the misconfigured '/web_config.do' endpoint exposes clear-text SSH and Telnet passwords. With these credentials, an attacker can gain unauthorized SSH access and take full control of the device.
Privilege-escalation
- An authenticated threat actor can exploit improper write permissions on the 'django.wsgi' file in ZKTeco WDMS. This misconfiguration allows the attacker to modify the file and execute arbitrary code with elevated privileges on the server, resulting in persistent access to the affected system.