Analog Fm Transmitter Exc1000gt Firmware
analog_fm_transmitter_exc1000gt_firmware
Vendor: Sielco • 4 CVEs
CVEs (4)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Sielco 15Analog Fm Transmitter Exc1000gt Firmware Analog Fm Transmitter Exc1000gx FirmwareAnalog Fm Transmitter Exc100gt Firmware+12 moreNov 21, 2024 Oct 26, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative...Show more |
1Sielco 15Analog Fm Transmitter Exc1000gt Firmware Analog Fm Transmitter Exc1000gx FirmwareAnalog Fm Transmitter Exc100gt Firmware+12 moreNov 21, 2024 Oct 26, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The application suffers from improper access control when editing users. A user with read permissions can manipulate users, passwords, and permissions by sending a single HTTP POST request with modified parameters....Show more |
1Sielco 15Analog Fm Transmitter Exc1000gt Firmware Analog Fm Transmitter Exc1000gx FirmwareAnalog Fm Transmitter Exc100gt Firmware+12 moreNov 21, 2024 Oct 26, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The cookie session ID is of insufficient length and can be exploited by
brute force, which may allow a remote attacker to obtain a valid
session, bypass authentication, and manipulate the transmitter.
|
1Sielco 15Analog Fm Transmitter Exc1000gt Firmware Analog Fm Transmitter Exc1000gx FirmwareAnalog Fm Transmitter Exc100gt Firmware+12 moreNov 21, 2024 Oct 26, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2
The application suffers from a privilege escalation vulnerability. A
user with read permissions can elevate privileges by sending a HTTP POST
to set a parameter.
|