PT-2018-1632 · Entes · Entes Emg12

Can Demirel · Published 2018-10-02 · Updated 2019-10-09 · CVE-2018-14826

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Entes EMG12 versions 2.57 and prior

Description

The issue is related to the web interface of the software, where an attacker can bypass authentication using a specially crafted URL, potentially allowing for remote code execution. The vulnerability is caused by errors in the authentication mechanism, which can be exploited by a remote attacker to bypass authentication and execute arbitrary code.

Recommendations

For Entes EMG12 versions 2.57 and prior, consider disabling the web interface until a patch is available to prevent potential exploitation. Restrict access to the web interface to minimize the risk of remote code execution. Avoid using specially crafted URLs that could be used to bypass authentication.

Fix

Improper Authentication

RCE

Weakness Enumeration

Related Identifiers

BDU:2018-01191
CVE-2018-14826

Affected Products

Entes Emg12