PT-2019-13318 · Advan · Advan Vd-1
Keniver Wang
·
Publicado
2019-08-29
·
Atualizado
2020-08-24
·
CVE-2019-13406
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Advan VD-1 firmware versions up to 230
Description
A broken access control issue allows an attacker to install arbitrary APKs without authentication by sending a POST request to "cgibin/ApkUpload.cgi".
Recommendations
For Advan VD-1 firmware versions up to 230, consider restricting access to the "cgibin/ApkUpload.cgi" endpoint until a patch is available.
Exploit
Correção
Missing Authentication
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Advan Vd-1