exploitDog

CVE-2021-40350

Опубликовано: 01 сент. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

webctrl.cgi.elf on Christie Digital DWU850-GS V06.46 devices allows attackers to perform any desired action via a crafted query containing an unspecified Cookie header. Authentication bypass can be achieved by including an administrative cookie that the device does not validate.

Ссылки

https://securityshards.wordpress.com/2021/08/31/cve-pending-christie-dwu850-gs-authentication-bypass/
Exploit
Third Party Advisory
https://securityshards.wordpress.com/2021/08/31/cve-pending-christie-dwu850-gs-authentication-bypass/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:christiedigital:dwu850-gs_firmware:06.46:*:*:*:*:*:*:*

cpe:2.3:h:christiedigital:dwu850-gs:-:*:*:*:*:*:*:*

EPSS

Процентиль: 60%

0.00398

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-3fmh-frpw-xcrq

github

больше 3 лет назад

webctrl.cgi.elf on Christie Digital DWU850-GS V06.46 devices allows attackers to perform any desired action via a crafted query containing an unspecified Cookie header. Authentication bypass can be achieved by including an administrative cookie that the device does not validate.

EPSS

Процентиль: 60%

0.00398

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-287