Описание
A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior. The web interface uses JavaScript to check client authentication and redirect unauthorized users. Attackers may intercept requests and bypass authentication to access restricted web pages.
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1Версия до 1.5.2 (включая)
Одновременно
cpe:2.3:o:advantech_b\+b_smartworx:mesr901_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:advantech_b\+b_smartworx:mesr901:-:*:*:*:*:*:*:*
EPSS
Процентиль: 81%
0.01603
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-603
CWE-287
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior. The web interface uses JavaScript to check client authentication and redirect unauthorized users. Attackers may intercept requests and bypass authentication to access restricted web pages.
EPSS
Процентиль: 81%
0.01603
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-603
CWE-287