Описание
An issue was discovered on Eminent EM4544 9.10 devices. The device does not require the user's current password to set a new one within the web interface. Therefore, it is possible to exploit this issue (e.g., in combination with a successful XSS, or at an unattended workstation) to change the admin password to an attacker-chosen value without knowing the current password.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
EPSS
5.3 Medium
CVSS3
2.9 Low
CVSS2
Дефекты
Связанные уязвимости
An issue was discovered on Eminent EM4544 9.10 devices. The device does not require the user's current password to set a new one within the web interface. Therefore, it is possible to exploit this issue (e.g., in combination with a successful XSS, or at an unattended workstation) to change the admin password to an attacker-chosen value without knowing the current password.
EPSS
5.3 Medium
CVSS3
2.9 Low
CVSS2