Sielco: >> Analog Fm Transmitter Exc120gx Security Vulnerabilities
The application suffers from improper access control when editing users.
A user with read permissions can manipulate users, passwords, and
permissions by sending a single HTTP POST request with modified
parameters.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-10-26
The application interface allows users to perform certain actions via
HTTP requests without performing any validity checks to verify the
requests. This can be exploited to perform certain actions with
administrative privileges if a logged-in user visits a malicious web
site.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-10-26
The application suffers from a privilege escalation vulnerability. A
user with read permissions can elevate privileges by sending a HTTP POST
to set a parameter.
CVSS Score
6.5
EPSS Score
0.0
Published
2023-10-26
The cookie session ID is of insufficient length and can be exploited by
brute force, which may allow a remote attacker to obtain a valid
session, bypass authentication, and manipulate the transmitter.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-10-26