KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Insufficient Session Expiration

Posted on 19 March 2021

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 suffers an insufficient session expiration. This occurs when the web application permits an attacker to reuse old session credentials or session IDs for authorization. Insufficient session expiration increases the device's exposure to attacks that can steal or reuse user's session identifiers.