PT-2019-7145 · Zhone · Znid 2426A

Lyon Yang

·

Publicado

2019-11-21

·

Atualizado

2019-12-04

·

CVE-2014-8356

CVSS v2.0

6.5

Média

VetorAV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions Zhone zNID 2426A versions prior to S3.0.501
Description The issue concerns an insecure direct object reference in the web administrative portal, allowing remote authenticated users to bypass intended access restrictions via a modified server response.
Recommendations For versions prior to S3.0.501, update to version S3.0.501 or later to resolve the issue.

Exploit

Correção

IDOR

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-639

Identificadores relacionados

CVE-2014-8356

Produtos afetados

Znid 2426A