CVE-2020-11542

Опубликовано: 04 апр. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authentication Bypass via CMD.HTM?CMD= because authentication depends on the client side's interpretation of the MYKEY substring.

Ссылки

https://www.criticalstart.com/authentication-bypass-vulnerability-discovered-in-infinias-eidc32-webserver/
Exploit
Third Party Advisory
https://www.criticalstart.com/authentication-bypass-vulnerability-discovered-in-infinias-eidc32-webserver/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:3xlogic:infinias_eidc32_firmware:2.213:*:*:*:*:*:*:*

cpe:2.3:o:3xlogic:infinias_eidc32_web:1.107:*:*:*:*:*:*:*

cpe:2.3:o:3xlogic:infinias_eidc32:-:*:*:*:*:*:*:*

EPSS

Процентиль: 20%

0.00064

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-86q8-rg63-hvmr

github

больше 3 лет назад

3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authentication Bypass via CMD.HTM?CMD= because authentication depends on the client side's interpretation of the <KEY>MYKEY</KEY> substring.