CVE-2023-38946

Name of the Vulnerable Software and Affected Versions Multilaser RE160 firmware versions 5.07.51 pt MTL01 through 5.07.52 pt MTL01

Description The issue allows attackers to bypass access control and gain complete access to the application by supplying a crafted cookie. This enables attackers to manipulate the cookie and gain unauthorized access.

Recommendations For versions 5.07.51 pt MTL01 and 5.07.52 pt MTL01, consider restricting access to the application until a patch is available. As a temporary workaround, avoid using the vulnerable cookie manipulation feature until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.