Описание
Lack of device control over web requests in ekorCCP and ekorRCI, allowing an attacker to create customised requests to execute malicious actions when a user is logged in, affecting availability, privacy and integrity.
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:ormazabal:ekorrci_firmware:601j:*:*:*:*:*:*:*
cpe:2.3:h:ormazabal:ekorrci:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:ormazabal:ekorccp_firmware:601j:*:*:*:*:*:*:*
cpe:2.3:h:ormazabal:ekorccp:-:*:*:*:*:*:*:*
EPSS
Процентиль: 31%
0.00112
Низкий
8.6 High
CVSS3
8.8 High
CVSS3
Дефекты
CWE-352
CWE-352
Связанные уязвимости
CVSS3: 8.6
github
почти 2 года назад
** UNSUPPPORTED WHEN ASSIGNED ** Lack of device control over web requests in ekorCCP and ekorRCI, allowing an attacker to create customised requests to execute malicious actions when a user is logged in, affecting availability, privacy and integrity.
EPSS
Процентиль: 31%
0.00112
Низкий
8.6 High
CVSS3
8.8 High
CVSS3
Дефекты
CWE-352
CWE-352