Vulnerability Details CVE-2020-35586
In Solstice Pod before 3.3.0 (or Open4.3), the Administrator password can be enumerated using brute-force attacks via the /Config/service/initModel?password= Solstice Open Control API because there is no complexity requirement (e.g., it might be all digits or all lowercase letters).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 56.3%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://documentation.mersive.com/content/pages/release-notes.htm
- https://github.com/aress31/solstice-pod-cves
- https://www.mersive.com/uk/products/solstice/
- https://documentation.mersive.com/content/pages/release-notes.htm
- https://github.com/aress31/solstice-pod-cves
- https://www.mersive.com/uk/products/solstice/
Products affected by CVE-2020-35586
-
cpe:2.3:h:mersive:solstice_pod:-
-
cpe:2.3:o:mersive:solstice_pod_firmware:-
-
cpe:2.3:o:mersive:solstice_pod_firmware:2.6.0
-
cpe:2.3:o:mersive:solstice_pod_firmware:2.6.2
-
cpe:2.3:o:mersive:solstice_pod_firmware:2.7.0
-
cpe:2.3:o:mersive:solstice_pod_firmware:2.7.2
-
cpe:2.3:o:mersive:solstice_pod_firmware:2.7.3
-
cpe:2.3:o:mersive:solstice_pod_firmware:2.8.0
-
cpe:2.3:o:mersive:solstice_pod_firmware:2.8.4
-
cpe:2.3:o:mersive:solstice_pod_firmware:2.8.7
-
cpe:2.3:o:mersive:solstice_pod_firmware:2.8.9
-
cpe:2.3:o:mersive:solstice_pod_firmware:3.0.1