Vulnerability Details CVE-2019-25436
Sricam DeviceViewer 3.12.0.1 contains a password change security bypass vulnerability that allows authenticated users to change passwords without proper validation of the old password field. Attackers can inject a large payload into the old password parameter during the change password process to bypass validation and set an arbitrary new password.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 5.0%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2019-25436
-
cpe:2.3:a:sricam:deviceviewer:3.12.0.1