Описание
Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change user passwords by exploiting weak session management controls. Attackers can reuse IP-bound session identifiers to issue unauthorized requests to the userManager API and modify user credentials without proper authentication.
Ссылки
- Product
- Product
- ExploitThird Party Advisory
- Product
- Third Party Advisory
- Third Party AdvisoryExploit
- Third Party AdvisoryExploit
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:dbbroadcast:sft_dab_600\/c_firmware:1.9.3:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:sft_dab_600\/c:-:*:*:*:*:*:*:*
EPSS
Процентиль: 51%
0.00281
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-384
Связанные уязвимости
CVSS3: 6.5
github
около 2 месяцев назад
Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change user passwords by exploiting weak session management controls. Attackers can reuse IP-bound session identifiers to issue unauthorized requests to the userManager API and modify user credentials without proper authentication.
EPSS
Процентиль: 51%
0.00281
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-384