PT-2016-6978 · Aver Information · Aver Information Eh6108H+
Travis Lee
·
Published
2016-09-19
·
Updated
2016-11-28
·
CVE-2016-6536
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
AVer Information EH6108H+ version X9.03.24.00.07l
Description
The issue concerns the /setup URI, which allows remote attackers to bypass intended page-access restrictions or modify passwords by leveraging knowledge of a
handle parameter value.Recommendations
For AVer Information EH6108H+ version X9.03.24.00.07l, as a temporary workaround, consider restricting access to the /setup URI until a patch is available. Avoid using the
handle parameter in the affected API endpoint until the issue is resolved.Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Aver Information Eh6108H+