PT-2025-47395 · Encore · Sencore Smp100 Smp Media Platform
Published 2025-11-18 · Updated 2025-11-19 · CVE-2025-63226
CVSS v3.1: 5.7 Medium
Vector: AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Sencore SMP100 SMP Media Platform versions V4.2.160, V60.1.4, V60.1.29
Description
The Sencore SMP100 SMP Media Platform is susceptible to session hijacking because of inadequate session management. An attacker on the same network as a logged-in user can access the /UserManagement.html endpoint and add new users without authentication. This allows unauthorized access to the system and the potential for malicious actions.
Recommendations
Update firmware to a version that addresses the session management issue.
Restrict network access to the /UserManagement.html endpoint.
Exploit
Fix
Insufficient Session Expiration
Weakness Enumeration
Related Identifiers
Affected Products
Sencore Smp100 Smp Media Platform