Christie Digital · Christie Digital DWU850-GS · CVE-2021-40350
**Name of the Vulnerable Software and Affected Versions**
Christie Digital DWU850-GS version V06.46
**Description**
The issue allows attackers to perform any desired action via a crafted query containing an unspecified `Cookie` header. Authentication bypass is achieved by including an administrative cookie, which the device does not validate.
**Recommendations**
For Christie Digital DWU850-GS version V06.46, as a temporary workaround, consider restricting access to the `webctrl.cgi.elf` file until a patch is available. Avoid using administrative cookies in queries to the affected device until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
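One way to check that the access restriction recommended above is holding is shown below. This is an added example, not part of the advisory or vendor material. It assumes a reverse proxy sits in front of the projector and writes Combined Log Format lines; the management subnet, the `/cgi-bin/` path prefix and the log lines are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Assumption: only this management subnet may reach the control CGI (constructed value).
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]
TARGET = "webctrl.cgi.elf"  # file named in the advisory

# Combined Log Format: client, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) '
)

def targets_cgi(url):
    """True if any decoded path segment is the control CGI (case-insensitive)."""
    path = unquote(urlsplit(url).path).lower()
    return TARGET in path.split("/")

def audit(lines):
    """Return (timestamp, source, status, verdict) for CGI requests from outside MGMT_NETS.

    A 2xx/3xx status means the proxy forwarded the request, so the restriction failed.
    """
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not targets_cgi(m["url"]):
            continue
        try:
            src = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # client field is not an IP address; skip the line
        if any(src in net for net in MGMT_NETS):
            continue
        verdict = "REACHED_DEVICE" if m["status"][0] in "23" else "blocked"
        findings.append((m["ts"], str(src), m["status"], verdict))
    return findings

# Constructed sample log lines (not from the advisory).
SAMPLE = [
    '10.20.0.15 - - [01/Mar/2024:09:00:01 +0000] "GET /cgi-bin/webctrl.cgi.elf?x=1 HTTP/1.1" 200 512',
    '192.168.7.44 - - [01/Mar/2024:09:02:10 +0000] "POST /cgi-bin/webctrl.cgi.elf HTTP/1.1" 403 0',
    '192.168.7.44 - - [01/Mar/2024:09:02:30 +0000] "GET /cgi-bin/WebCtrl%2Ecgi.elf HTTP/1.1" 200 498',
    '192.168.7.44 - - [01/Mar/2024:09:03:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
]
```

Any `REACHED_DEVICE` finding means a request from outside the management subnet was forwarded to the device and the proxy rule needs tightening.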