Описание
An attacker with network access, could capture traffic and obtain user cookies, allowing the attacker to steal the active user session and make changes to the device via web, depending on the privileges obtained by the user.
Ссылки
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:arteche:satech_bcu_firmware:2.1.3:*:*:*:*:*:*:*
cpe:2.3:h:arteche:satech_bcu:-:*:*:*:*:*:*:*
EPSS
Процентиль: 57%
0.00347
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-287
Связанные уязвимости
CVSS3: 9.8
github
11 месяцев назад
An attacker with access to the network where the vulnerable device is located could capture traffic and obtain cookies from the user, allowing them to steal a user's active session and make changes to the device via the web, depending on the privileges obtained by the user.
EPSS
Процентиль: 57%
0.00347
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-287