Vulnerability Information
Vulnerability Title
TECSON/GOK: Improper Authentication and Access Control on multiple devices
Vulnerability Description
In multiple Tecson Tankspion and GOK's SmartBox 4 products, the affected application doesn't properly restrict access to an endpoint that is responsible for saving settings, leaving it reachable by an unauthenticated user with limited access rights. Because access-control rules are not adequately implemented, a malicious user who accesses a specific uniform resource locator (URL) on the web server is able to change the application settings without authenticating at all, which violates the originally defined ACL rules.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
Improper Authentication
Vulnerability Title
TECSON/GOK SmartBox Authorization Issue Vulnerability
Vulnerability Description
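TECSON/GOK SmartBox is a series of electronic tank management systems from the German company TECSON/GOK. Four products in the TECSON/GOK SmartBox series contain an authorization issue vulnerability. The vulnerability stems from a lack of adequately implemented access-control rules: by accessing a specific uniform resource locator (URL) on the web server, a malicious user can change the application settings without authenticating at all.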
CVSS Information
N/A
Vulnerability Type
N/A