Описание
4ipnet EAP-767 v3.42.00 is vulnerable to Incorrect Access Control. The device uses the same set of credentials, regardless of how many times a user logs in, the content of the cookie remains unchanged.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:4ipnet:eap-767_firmware:3.42.00:*:*:*:*:*:*:*
cpe:2.3:h:4ipnet:eap-767:*:*:*:*:*:*:*:*
EPSS
Процентиль: 37%
0.00159
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-284
Связанные уязвимости
CVSS3: 9.8
github
почти 2 года назад
4ipnet EAP-767 v3.42.00 is vulnerable to Incorrect Access Control. The device uses the same set of credentials, regardless of how many times a user logs in, the content of the cookie remains unchanged.
EPSS
Процентиль: 37%
0.00159
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-284