A low-privileged remote attacker in possession of the second factor for another user can log in as that user without knowledge of the other user's password.
A low privileged remote attacker can gain the root password due to improper removal of sensitive information before storage or transfer.
A low-privileged remote attacker could gain unauthorized access to critical resources, such as firmware and certificates, due to improper permission handling during the runtime of services (e.g., FTP/
A vulnerability in the users configuration file of ctrlX OS may allow a remote authenticated (low-privileged) attacker to recover the plaintext passwords of other users.
An unauthenticated attacker can hijack other users' devices and potentially control them.
An authenticated attacker can use this vulnerability to perform a privilege escalation to gain root access.
An unauthenticated remote attacker can use hard-coded credentials to gain full administration privileges on the affected product.
A low-privileged remote attacker can obtain the username of another registered Sunny Portal user by entering that user's email address.
An unauthenticated remote attacker can use firmware images to extract password hashes and brute force plaintext passwords of accounts with limited access.
An unauthenticated remote attacker is able to use an existing session ID of a logged-in user and gain full access to the device if configuration via Ethernet is enabled.
A low-privileged user can bypass account credentials without confirming the user's current authentication state, which may lead to unauthorized privilege escalation.
An unauthenticated remote attacker can obtain limited sensitive information and/or DoS the device due to missing authentication for a critical function.
Due to an improper authentication mechanism, an unauthenticated remote attacker can enumerate valid usernames.
The devices contain two hard-coded user accounts with hard-coded passwords that allow an unauthenticated remote attacker full control of the affected devices.
An unauthenticated remote attacker may use hard-coded credentials to get access to the previously activated FTP server with limited read and write privileges.
CWE-639 Authorization Bypass Through User-Controlled Key
A vulnerability in the “Remote Logging” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to execute arbitrary OS commands in the context of user
An authenticated user without user-management permissions could view other users' account information.
An unauthenticated remote attacker can gain full access to the affected devices, as they are shipped without a password by default and setting one is not enforced.