Filtered by vendor Gok
Subscriptions
Filtered by product Smartbox 4 Lan Pro
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-12254 | 2 Gok, Tecson | 10 Smartbox 4 Lan, Smartbox 4 Lan Firmware, Smartbox 4 Lan Pro and 7 more | 2024-11-21 | 9.8 Critical |
| In multiple Tecson Tankspion and GOKs SmartBox 4 products the affected application doesn't properly restrict access to an endpoint that is responsible for saving settings, to a unauthenticated user with limited access rights. Based on the lack of adequately implemented access-control rules, by accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to change the application settings without authenticating at all, which violates originally laid ACL rules. | ||||
Page 1 of 1.