| |
Vulnerability CVE-2019-9484
Published: 2019-03-01
| Description: |
The Glen Dimplex Deutschland GmbH implementation of the Carel pCOWeb configuration tool allows remote attackers to obtain access via an HTTP session on port 10000, as demonstrated by reading the modem password (which is 1234), or reconfiguring "party mode" or "vacation mode." |
Type:
CWE-255 (Credentials Management)
CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
5/10 |
2.9/10 |
10/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
None |
None |
References: |
https://medium.com/@SergiuSechel/insecure-permissions-in-glen-dimplex-deutschland-gmbh-implementation-of-carel-pcoweb-configuration-ca3896f24835
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
