CVE-2021-40350

Name of the Vulnerable Software and Affected Versions Christie Digital DWU850-GS version V06.46

Description The issue allows attackers to perform any desired action via a crafted query containing an unspecified Cookie header. Authentication bypass can be achieved by including an administrative cookie that the device does not validate.

Recommendations For Christie Digital DWU850-GS version V06.46, as a temporary workaround, consider restricting access to the webctrl.cgi.elf file until a patch is available. Avoid using administrative cookies in queries to the affected device until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.