PT-2023-27074 · Elenos · Elenos Etg150 Fm Transmitter

Eslam Kamal

+1

·

Publicado

2023-10-31

·

Atualizado

2023-11-09

·

CVE-2023-39695

CVSS v3.1

5.3

Média

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions Elenos ETG150 FM Transmitter version 3.12
Description The issue is related to insufficient session expiration, allowing attackers to change transmitter configuration and data after a user has logged out.
Recommendations For Elenos ETG150 FM Transmitter version 3.12, consider implementing proper session expiration mechanisms to prevent unauthorized access after logout. As a temporary workaround, restrict access to the transmitter configuration and data to minimize the risk of exploitation.

Exploit

Correção

Insufficient Session Expiration

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-613

Identificadores relacionados

CVE-2023-39695

Produtos afetados

Elenos Etg150 Fm Transmitter