Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Incorrect access control in actionHandlerUtility.php in the RDK RDKB-20181217-1 WebUI module allows a logged in user to control DDNS, QoS, RIP, and other privileged configurations (intended only for the network operator) by sending an HTTP POST to the PHP backend, because the page filtering for non-superuser (in header.php) is done only for GET requests and not for direct AJAX calls.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
RDK WebUI组件访问控制错误漏洞
Vulnerability Description
RDK Management RDK是RDK Management社区的一套模块化、可移植、可定制的开源物联网软件解决方案。 RDK RDKB-20181217-1版本中的WebUI组件的actionHandlerUtility.php文件存在访问控制错误漏洞。攻击者可通过向PHP后端发送HTTP POST请求利用该漏洞控制DDNS、QoS、RIP和其他的特权配置。
CVSS Information
N/A
Vulnerability Type
N/A