PT-2021-22885 · Compro · Compro Ip70+3
Published
2021-09-01
·
Updated
2022-07-12
·
CVE-2021-40379
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Compro IP70 version 2.08 7130218
Compro IP570 version 2.08 7130520
Compro IP60 (affected versions not specified)
Compro TN540 (affected versions not specified)
Description
The issue concerns a lack of authorization requirement for the "rstp://.../medias2" endpoint. This suggests that access to certain media resources may be possible without proper authentication.
Recommendations
For Compro IP70 version 2.08 7130218, consider restricting access to the "rstp://.../medias2" endpoint until a fix is available.
For Compro IP570 version 2.08 7130520, consider restricting access to the "rstp://.../medias2" endpoint until a fix is available.
For Compro IP60, at the moment, there is no information about a newer version that contains a fix for this issue.
For Compro TN540, at the moment, there is no information about a newer version that contains a fix for this issue.
Exploit
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Compro Ip570
Compro Ip60
Compro Ip70
Compro Tn540