Описание
Web configuration utility in HP AdvanceStack hubs J3200A through J3210A with firmware version A.03.07 and earlier, allows unauthorized users to bypass authentication via a direct HTTP request to the web_access.html file, which allows the user to change the switch's configuration and modify the administrator password.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
- ExploitVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- ExploitVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:h:hp:advancestack_10base-t_switching_hub_j3200a:a.03.07:*:*:*:*:*:*:*
cpe:2.3:h:hp:advancestack_10base-t_switching_hub_j3201a:a.03.07:*:*:*:*:*:*:*
cpe:2.3:h:hp:advancestack_10base-t_switching_hub_j3202a:a.03.07:*:*:*:*:*:*:*
cpe:2.3:h:hp:advancestack_10base-t_switching_hub_j3203a:a.03.07:*:*:*:*:*:*:*
cpe:2.3:h:hp:advancestack_10base-t_switching_hub_j3204a:a.03.07:*:*:*:*:*:*:*
cpe:2.3:h:hp:advancestack_10base-t_switching_hub_j3205a:a.03.07:*:*:*:*:*:*:*
cpe:2.3:h:hp:advancestack_10base-t_switching_hub_j3210a:a.03.07:*:*:*:*:*:*:*
EPSS
Процентиль: 91%
0.07086
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Web configuration utility in HP AdvanceStack hubs J3200A through J3210A with firmware version A.03.07 and earlier, allows unauthorized users to bypass authentication via a direct HTTP request to the web_access.html file, which allows the user to change the switch's configuration and modify the administrator password.
EPSS
Процентиль: 91%
0.07086
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other