PT-2021-22884 · Compro · Compro Ip70+3
Published
2021-09-01
·
Updated
2021-09-10
·
CVE-2021-40378
CVSS v2.0
8.5
High
| Vector | AV:N/AC:L/Au:S/C:N/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Compro IP70 version 2.08 7130218
Compro IP570 version 2.08 7130520
Compro IP60 (affected versions not specified)
Compro TN540 (affected versions not specified)
Description
An issue was discovered that affects the deletion of all data from the device. The "/cgi-bin/support/killps.cgi" endpoint is involved in this issue.
Recommendations
For Compro IP70 version 2.08 7130218, consider disabling access to the "/cgi-bin/support/killps.cgi" endpoint until a fix is available.
For Compro IP570 version 2.08 7130520, consider disabling access to the "/cgi-bin/support/killps.cgi" endpoint until a fix is available.
For Compro IP60, at the moment, there is no information about a newer version that contains a fix for this issue.
For Compro TN540, at the moment, there is no information about a newer version that contains a fix for this issue.
Exploit
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Compro Ip570
Compro Ip60
Compro Ip70
Compro Tn540