PT-2024-12768 · Multilaser · Multilaser Re160+1
Vinícius Moraes
·
Published
2024-03-02
·
Updated
2025-01-03
·
CVE-2023-38944
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Multilaser RE160V version 12.03.01.09 pt
Multilaser RE163V version 12.03.01.10 pt
Description
An issue in the firmware allows attackers to bypass access control and gain complete access to the application via modifying an HTTP header. This enables attackers to access the application without proper authorization.
Recommendations
For Multilaser RE160V version 12.03.01.09 pt, consider restricting access to the application until a patch is available.
For Multilaser RE163V version 12.03.01.10 pt, consider restricting access to the application until a patch is available.
As a temporary workaround, consider disabling the modification of HTTP headers to minimize the risk of exploitation.
Exploit
Fix
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Multilaser Re160
Multilaser Re163V