← voltar
CVE-2019-25235

Smartwares HOME easy 1.0.9 Client-Side Authentication Bypass via Web Pages

CVSS 8.8 HIGHEPSS 0.4%CWE-639
Smartwares HOME easy 1.0.9 contains an authentication bypass vulnerability that allows unauthenticated attackers to access administrative web pages by disabling JavaScript. Attackers can navigate to multiple administrative endpoints and to bypass client-side validation and access sensitive system information.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
Produtos afetados
Smartwares · Smartwares HOME easy

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.exploit-db.com/exploits/47595https://www.smartwares.euhttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5540.php