PT-2018-10990 · Eminent · Eminent Em4544

Tomas Bortoli

Published: 2018-06-17

Updated: 2018-08-11

CVE-2018-12073

CVSS v3.1: 5.3 (Medium)

Vector: AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Eminent EM4544 version 9.10

Description

An issue allows the admin password to be changed to an attacker-chosen value without knowledge of the current password, potentially through exploitation in combination with a successful XSS or at an unattended workstation.

Recommendations

For Eminent EM4544 version 9.10, consider restricting access to the web interface to minimize the risk of exploitation until a fix is available. As a temporary workaround, limit password changes in the web interface so that changing the admin password requires the current password.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2018-12073

Affected Products

Eminent Em4544