Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
eWON Firmware 12.2-13.0 Authentication Bypass via wsdReadForm
Vulnerability Description
eWON Firmware versions 12.2 to 13.0 contain an authentication bypass vulnerability that allows attackers with minimal privileges to retrieve sensitive user data by exploiting the wsdReadForm endpoint. Attackers can send POST requests to /wrcgi.bin/wsdReadForm with base64-encoded partial credentials and a crafted wsdList parameter to extract encrypted passwords for all users, which can be decrypted using a hardcoded XOR key.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
使用硬编码的凭证
Vulnerability Title
HMS eWON Firmware 信任管理问题漏洞
Vulnerability Description
HMS eWON Firmware是瑞典HMS公司的一个嵌入式设备固件。 HMS eWON Firmware 12.2至13.0版本存在信任管理问题漏洞,该漏洞源于wsdReadForm端点存在身份验证绕过,可能导致攻击者检索敏感用户数据。
CVSS Information
N/A
Vulnerability Type
N/A