PT-2023-16501 · Unknown · Yellobrik Pec-1864

Vincent Salvadori

Published

2023-04-06

Updated

2023-04-18

CVE-2023-0750

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Yellobrik PEC-1864 (affected versions not specified)

Description The Yellobrik PEC-1864 device implements authentication checks via JavaScript in the frontend interface. When the device can be accessed over the network, an attacker could bypass authentication. This would allow an attacker to change the password, resulting in a denial of service for the users, change the streaming source, compromising the integrity of the stream, and change the streaming destination, compromising the confidentiality of the stream.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Encryption of Sensitive Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-311CWE-602

Related Identifiers

CVE-2023-0750

Affected Products

Yellobrik Pec-1864

PT-2023-16501 · Unknown · Yellobrik Pec-1864

CVE-2023-0750

Weakness Enumeration

Related Identifiers

Affected Products

References · 3