Описание
Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication controls to leak a log file and read the administrator's username and encrypted password.
Ссылки
- Third Party AdvisoryExploit
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:a:lynxtechnology:twonky_server:8.5.2:*:*:*:*:*:*:*
Одно из
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
EPSS
Процентиль: 98%
0.50613
Средний
9.8 Critical
CVSS3
Дефекты
CWE-420
Связанные уязвимости
CVSS3: 9.8
github
30 дней назад
Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication controls to leak a log file and read the administrator's username and encrypted password.
EPSS
Процентиль: 98%
0.50613
Средний
9.8 Critical
CVSS3
Дефекты
CWE-420