Description
Incorrect access control in the EEPROM component of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows attackers to replace password hashes stored in the EEPROM with hashes of their own, leading to the escalation of privileges to root.
References
- Technical Description
- Exploit, Third Party Advisory
- Broken Link
- Product
- Product
- Product
Vulnerable configurations
Configuration 1
All of
One of
cpe:2.3:o:kapsch:ris-9160_firmware:3.2.0.829.23:*:*:*:*:*:*:*
cpe:2.3:o:kapsch:ris-9160_firmware:3.8.0.1119.42:*:*:*:*:*:*:*
cpe:2.3:o:kapsch:ris-9160_firmware:4.6.0.1211.28:*:*:*:*:*:*:*
cpe:2.3:h:kapsch:ris-9160:-:*:*:*:*:*:*:*
Configuration 2
All of
One of
cpe:2.3:o:kapsch:ris-9260_firmware:3.2.0.829.23:*:*:*:*:*:*:*
cpe:2.3:o:kapsch:ris-9260_firmware:3.8.0.1119.42:*:*:*:*:*:*:*
cpe:2.3:o:kapsch:ris-9260_firmware:4.6.0.1211.28:*:*:*:*:*:*:*
cpe:2.3:h:kapsch:ris-9260:-:*:*:*:*:*:*:*
EPSS
Percentile: 25%
0.00087
Low
6.8 Medium
CVSS3
Weaknesses
CWE-922
Related vulnerabilities
CVSS3: 6.5
github
6 months ago
Incorrect access control in the EEPROM component of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows attackers to replace password hashes stored in the EEPROM with hashes of their own, leading to the escalation of privileges to root.