CVE-2019-12254

Name of the Vulnerable Software and Affected Versions Tecson Tankspion (affected versions not specified) GOKs SmartBox 4 (affected versions not specified)

Description The affected application does not properly restrict access to an endpoint responsible for saving settings, allowing an unauthenticated user with limited access rights to change application settings without authenticating. This is due to the lack of adequately implemented access-control rules, which can be exploited by accessing a specific uniform resource locator (URL) on the web server, violating the originally laid ACL rules.

Recommendations For Tecson Tankspion, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For GOKs SmartBox 4, at the moment, there is no information about a newer version that contains a fix for this vulnerability.