Описание
Authentication bypass vulnerability in the setup screen of L2Blocker(on-premise) Ver4.8.5 and earlier and L2Blocker(Cloud) Ver4.8.5 and earlier allows an adjacent attacker to perform an unauthorized login and obtain the stored information or cause a malfunction of the device by using alternative paths or channels for Sensor.
Ссылки
- Third Party Advisory
- Vendor Advisory
- Third Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.8.6 (исключая)Версия до 4.8.6 (исключая)
Одно из
cpe:2.3:a:softcreate:l2blocker:*:*:*:*:cloud:*:*:*
cpe:2.3:a:softcreate:l2blocker:*:*:*:*:on-premise:*:*:*
EPSS
Процентиль: 28%
0.00101
Низкий
8.1 High
CVSS3
4.8 Medium
CVSS2
Дефекты
CWE-287
Связанные уязвимости
CVSS3: 8.1
github
больше 3 лет назад
Authentication bypass vulnerability in the setup screen of L2Blocker(on-premise) Ver4.8.5 and earlier and L2Blocker(Cloud) Ver4.8.5 and earlier allows an adjacent attacker to perform an unauthorized login and obtain the stored information or cause a malfunction of the device by using alternative paths or channels for Sensor.
EPSS
Процентиль: 28%
0.00101
Низкий
8.1 High
CVSS3
4.8 Medium
CVSS2
Дефекты
CWE-287