CVE-2019-25436

Name of the Vulnerable Software and Affected Versions Sricam DeviceViewer version 3.12.0.1

Description An authenticated user can bypass password validation and set a new password by injecting a large payload into the old password parameter during the password change process. The issue allows attackers to change passwords without knowing the current password.

Recommendations Update to a newer version that contains a fix for this vulnerability.