PT-2023-16501 · Unknown · Yellobrik Pec-1864

Vincent Salvadori

Publicado

2023-04-06

Atualizado

2023-04-18

CVE-2023-0750

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Yellobrik PEC-1864 (affected versions not specified)

Description The Yellobrik PEC-1864 device implements authentication checks via JavaScript in the frontend interface. When the device can be accessed over the network, an attacker could bypass authentication. This would allow an attacker to change the password, resulting in a denial of service for the users, change the streaming source, compromising the integrity of the stream, and change the streaming destination, compromising the confidentiality of the stream.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Encryption of Sensitive Data

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-311CWE-602

Identificadores relacionados

CVE-2023-0750

Produtos afetados

Yellobrik Pec-1864

PT-2023-16501 · Unknown · Yellobrik Pec-1864

CVE-2023-0750

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3