CVE-2021-32002

Published: Aug 5, 2021Modified: Nov 21, 2024

3.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

Improper Access Control vulnerability in web service of Secomea SiteManager allows local attacker without credentials to gather network information and configuration of the SiteManager. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware.

Affected (1)

Products: Secomea: Sitemanager Firmware

1 product

Sitemanager Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Secomea Sitemanager Firmware	Before 9.5.621256022

Running on/with	Platform Versions
Secomea Sitemanager	All versions

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://www.secomea.com/support/cybersecurity-advisory

Source: VulnerabilityReporting@secomea.com

Vendor Advisory

https://www.secomea.com/support/cybersecurity-advisory

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.