Sielco PolyEco Digital FM...

- AV AC AU C I A
发布: 2023-04-12
修订: 2024-12-11

Sielco PolyEco Digital FM Transmitter version 2.0.6 suffers from authentication bypass, account takeover / lockout, and privilege escalation vulnerabilities that can be triggered by directly calling the user object and modifying the password of the two constants user/role (user/admin). This can be exploited by an unauthenticated adversary by issuing a single POST request to the vulnerable endpoint and gain unauthorized access to the affected device with administrative privileges.

0%
当前有1条漏洞利用/PoC
当前有0条受影响产品信息