An unauthenticated remote attacker is able to use an existing session ID of a logged-in user and gain full access to the device if configuration via Ethernet is enabled.
Due to an improper JSON Web Tokens implementation, an unauthenticated remote attacker can guess a valid session ID and therefore impersonate a user to gain full access.
Successful exploitation of the vulnerability could allow an unauthenticated attacker to obtain a valid session ID with administrator privileges by spoofing the login request, potentially allowing the
An unauthenticated remote attacker can gain full access on the affected devices as they are shipped without a password by default and setting one is not enforced.
An unauthenticated remote attacker may use the device's traffic capture without authentication to grab plaintext administrative credentials.
An unauthenticated remote attacker can access a URL which causes the device to reboot.
An unauthenticated remote attacker can obtain limited sensitive information and/or DoS the device due to missing authentication for a critical function.
An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via HTTP.
Due to missing authentication on a critical function of the devices an unauthenticated remote attacker can execute arbitrary commands, potentially enabling unauthorized upload or download of configura
A remote unauthenticated attacker may use default certificates to generate JWT Tokens and gain full access to the tool and all connected devices.
Unauthenticated attackers can send configuration settings to the device and possibly perform physical actions remotely (e.g., on/off).
An unauthenticated remote attacker can perform a command injection via Modbus-TCP or Modbus-RTU to gain read and write access on the affected device.
An unauthenticated remote attacker can use the hard-coded credentials to access the SmartSPS devices with high privileges.
An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication.
A remote unauthenticated attacker may be able to change the IP address of the device, thereby affecting the availability of the device.
An unauthenticated remote attacker can use hard-coded credentials to gain full administration privileges on the affected product.
An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL parameters of the wwwupdate.cgi endpoint in UBR.
An unauthenticated remote attacker can exploit a denial-of-service vulnerability in the device's web server functionality by sending a specially crafted HTTP request with a malicious header, potential
An unauthenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of Cross-Site Request Forgery (CSRF) protection.
Due to missing authorization an unauthenticated remote attacker can cause a DoS attack by connecting via HTTPS and triggering the shutdown button.