Описание
An insufficient entropy vulnerability exists in the salt generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted series of HTTP requests can lead to privilege escalation. An attacker can gather system information via HTTP requests and brute force the salt offline, leading to forging a legitimate password recovery code for the admin user.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:wwbn:avideo:15fed957fb:*:*:*:*:*:*:*
EPSS
Процентиль: 52%
0.0029
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-331
Связанные уязвимости
EPSS
Процентиль: 52%
0.0029
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-331