Описание
Changing the password on the module webpage does not require the user to type in the current password first. Thus, the password could be changed by a user or external process without knowledge of the current password on the ICX35-HWC-A and ICX35-HWC-E (Versions 1.9.62 and prior).
Ссылки
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1Версия до 1.9.62 (включая)
Одновременно
cpe:2.3:o:prosoft-technology:icx35-hwc-a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:prosoft-technology:icx35-hwc-a:-:*:*:*:*:*:*:*
Конфигурация 2Версия до 1.9.62 (включая)
Одновременно
cpe:2.3:o:prosoft-technology:icx35-hwc-e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:prosoft-technology:icx35-hwc-e:-:*:*:*:*:*:*:*
EPSS
Процентиль: 37%
0.00159
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-264
NVD-CWE-Other
Связанные уязвимости
github
больше 3 лет назад
Changing the password on the module webpage does not require the user to type in the current password first. Thus, the password could be changed by a user or external process without knowledge of the current password on the ICX35-HWC-A and ICX35-HWC-E (Versions 1.9.62 and prior).
EPSS
Процентиль: 37%
0.00159
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-264
NVD-CWE-Other