Interno Routers given out by ISPs allow full administrative access
Several Inteno routers do not validate the Auto Configuration Server (ACS) certificate (CWE-295). An attacker in a privileged network position can Man-in-the-Middle the connection between the device and the Auto Configuration Server (ACS). If ACS has been preconfigured by the ISP (this is usually the case) no user actions are required for exploitation. Impact —— Read more about Interno Routers given out by ISPs allow full administrative access[…]