Accessing a router's configuration via an HTTP URL demonstrates which vulnerability?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Enhance your knowledge as a Computer Hacking Forensic Investigator with the CHFI v11 Test. Use flashcards and multiple-choice questions, complete with hints and detailed explanations, to prepare effectively and ace your exam!

Multiple Choice

Accessing a router's configuration via an HTTP URL demonstrates which vulnerability?

Explanation:
Accessing a router’s configuration through HTTP shows that the management interface is exposed over an unsecured web channel, allowing administrative actions to be performed via a URL. If the HTTP interface isn’t properly protected—lacking strong authentication, authorization controls, or using default credentials—an attacker could reach the configuration pages and changes could be made without proper safeguards. This situation is described as an HTTP Configuration Arbitrary Administrative Access Vulnerability, highlighting that the risk comes from using HTTP (not secure) to perform arbitrary admin actions on the device. Other options don’t fit as precisely. An HTML configuration vulnerability would focus on issues with HTML content itself rather than the transport method or access control of the web interface. URL Obfuscation vulnerability concerns tricks that mislead users about a URL’s true destination, not direct unauthorized configuration access. A Cisco IOS Arbitrary Administrative Access Online Vulnerability is overly specific to a vendor’s IOS and a particular implementation, whereas the scenario points to the general risk of admin access over HTTP.

Accessing a router’s configuration through HTTP shows that the management interface is exposed over an unsecured web channel, allowing administrative actions to be performed via a URL. If the HTTP interface isn’t properly protected—lacking strong authentication, authorization controls, or using default credentials—an attacker could reach the configuration pages and changes could be made without proper safeguards. This situation is described as an HTTP Configuration Arbitrary Administrative Access Vulnerability, highlighting that the risk comes from using HTTP (not secure) to perform arbitrary admin actions on the device.

Other options don’t fit as precisely. An HTML configuration vulnerability would focus on issues with HTML content itself rather than the transport method or access control of the web interface. URL Obfuscation vulnerability concerns tricks that mislead users about a URL’s true destination, not direct unauthorized configuration access. A Cisco IOS Arbitrary Administrative Access Online Vulnerability is overly specific to a vendor’s IOS and a particular implementation, whereas the scenario points to the general risk of admin access over HTTP.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy