Описание
Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to exploit weak session management by reusing IP-bound session identifiers. Attackers can issue unauthorized requests to the device management API by leveraging the session binding mechanism to perform critical operations on the transmitter.
Ссылки
- Product
- Product
- ExploitThird Party Advisory
- Product
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:dbbroadcast:sft_dab_600\/c_firmware:1.9.3:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:sft_dab_600\/c:-:*:*:*:*:*:*:*
EPSS
Процентиль: 47%
0.00241
Низкий
8.8 High
CVSS3
Дефекты
CWE-384
Связанные уязвимости
CVSS3: 8.8
github
около 2 месяцев назад
Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to exploit weak session management by reusing IP-bound session identifiers. Attackers can issue unauthorized requests to the device management API by leveraging the session binding mechanism to perform critical operations on the transmitter.
EPSS
Процентиль: 47%
0.00241
Низкий
8.8 High
CVSS3
Дефекты
CWE-384