exploitDog

CVE-2018-15819

Опубликовано: 02 мар. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

EasyIO EasyIO-30P devices before 2.0.5.27 have Incorrect Access Control, related to webuser.js.

Ссылки

https://packetstormsecurity.com/files/152454/EasyIO-30P-Authentication-Bypass-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
https://seclists.org/fulldisclosure/2019/Apr/13
Exploit
Mailing List
Third Party Advisory
https://packetstormsecurity.com/files/152454/EasyIO-30P-Authentication-Bypass-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
https://seclists.org/fulldisclosure/2019/Apr/13
Exploit
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:easyio:easyio_30p_firmware:*:*:*:*:*:*:*:*

Версия до 2.0.5.27 (исключая)

cpe:2.3:h:easyio:easyio_30p:-:*:*:*:*:*:*:*

EPSS

Процентиль: 71%

0.00685

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-rggj-vg82-mprw

github

больше 3 лет назад

EasyIO EasyIO-30P devices before 2.0.5.27 have Incorrect Access Control, related to webuser.js.

EPSS

Процентиль: 71%

0.00685

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-287