PT-2023-24345 · Unknown · Bes--6024Pb-I50H1 Videoplaytool
Published: 2023-06-08 · Updated: 2025-01-06 · CVE-2023-33443
CVSS v3.1: 9.8 Critical · Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
BES--6024PB-I50H1 VideoPlayTool version 2.0.1.0
Description
The issue is related to incorrect access control in the administrative functionality, which allows attackers to execute arbitrary administrative commands by sending a crafted payload to the targeted endpoints.
Recommendations
For BES--6024PB-I50H1 VideoPlayTool version 2.0.1.0, consider restricting access to the administrative functionality until a patch is available. As a temporary workaround, limit the ability to send crafted payloads to the targeted endpoints.
Exploit
Fix
Origin Validation Error
Weakness Enumeration
Related Identifiers
Affected Products
Bes--6024Pb-I50H1 Videoplaytool