Description
Missing password verification in the web interface on Gigaset Maxwell Basic VoIP phones with firmware 2.22.7 would allow a remote attacker (in the same network as the device) to change the admin password without authentication (and without knowing the original password).
References
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1
Simultaneously
cpe:2.3:o:gigasetpro:maxwell_basic_firmware:2.22.7:*:*:*:*:*:*:*
cpe:2.3:h:gigasetpro:maxwell_basic:-:*:*:*:*:*:*:*
EPSS
Percentile: 70%
0.00622
Low
9.8 Critical
CVSS3
5 Medium
CVSS2
Weaknesses
CWE-640
Related vulnerabilities
CVSS3: 9.8
github
more than 3 years ago
Missing password verification in the web interface on Gigaset Maxwell Basic VoIP phones with firmware 2.22.7 would allow a remote attacker (in the same network as the device) to change the admin password without authentication (and without knowing the original password).