Description
Screen SFT DAB 600/C firmware versions up to and including 1.9.3 contain an improper access control flaw in the user management API that allows unauthenticated requests to retrieve structured user data, including account names and connection metadata such as client IP and timeout values.
References
- Third Party Advisory
- Product
- Exploit
- Third Party Advisory
- Exploit, Third Party Advisory
- Exploit
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions up to 1.9.3 (inclusive)
Both together (AND):
cpe:2.3:o:dbbroadcast:sft_dab_600\/c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:sft_dab_600\/c:-:*:*:*:*:*:*:*
EPSS: 0.00064 (percentile: 20%, Low)
CVSS3: 5.3 Medium
Weaknesses
CWE-306
Related vulnerabilities
CVSS3: 5.3
github
3 months ago
Screen SFT DAB 600/C firmware versions up to and including 1.9.3 contain an improper access control flaw in the user management API that allows unauthenticated requests to retrieve structured user data, including account names and connection metadata such as client IP and timeout values.