PT-2018-16208 · Flir · Flir Brickstream 2300

Publicado

2018-01-01

Atualizado

2018-01-17

CVE-2018-3813

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions FLIR Brickstream 2300 devices versions 2.0 through 4.1.53.166

Description The issue concerns incorrect access control, allowing unauthorized reading of sensitive fields via a direct request. Specifically, the AVI USER ID and AVI USER PASSWORD fields can be accessed.

Recommendations For versions 2.0 through 4.1.53.166, restrict access to the getConfigExportFile.cgi endpoint to minimize the risk of exploitation. Avoid using the AVI USER ID and AVI USER PASSWORD fields in the affected endpoint until the issue is resolved.

Exploit

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2018-3813

Produtos afetados

Flir Brickstream 2300

PT-2018-16208 · Flir · Flir Brickstream 2300

CVE-2018-3813

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3