PT-2023-23414 · Luowice · Luowice
Published
2023-05-16
·
Updated
2023-05-24
·
CVE-2023-31677
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
luowice version 3.5.18
Description
The issue allows attackers to view information for other alarm devices by modifying the
eseeid parameter, due to insecure permissions.Recommendations
For luowice version 3.5.18, restrict access to the
eseeid parameter to prevent unauthorized modification and viewing of other alarm devices' information.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Luowice