CVE-2019-13379

Name of the Vulnerable Software and Affected Versions AVTECH Room Alert 3E versions prior to 2.2.5

Description The issue allows an attacker with access to the device's web interface to escalate privileges from an unauthenticated user to administrator. This can be achieved by performing a "cmd.cgi?action=ResetDefaults&src=RA" reset and then using the default credentials to gain access.

Recommendations For versions prior to 2.2.5, update to version 2.2.5 or later to resolve the issue. As a temporary workaround, consider changing the default credentials to custom ones to prevent exploitation. Restrict access to the device's web interface to minimize the risk of unauthorized resets.