PT-2021-8976 · Comelit · App Lejos De Casa
Published 2021-08-03 · Updated 2021-08-11 · CVE-2019-14453
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Comelit "App lejos de casa (web)" version 2.8.0
Description
The issue allows privilege escalation via modified domus and logged fields, related to js/bridge.min.js and login.json. An attacker can achieve high privileges, such as installer or administrator, for the graphical interface by using a specific value, 1C000000000S, for domus in conjunction with a zero value for logged.
Recommendations
For Comelit "App lejos de casa (web)" version 2.8.0, consider restricting access to the js/bridge.min.js and login.json files to minimize the risk of exploitation. As a temporary workaround, avoid using modified domus and logged fields until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.
Exploit
Fix
Weakness Enumeration
Improper Privilege Management
Related Identifiers
Affected Products
App Lejos De Casa