Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
B426 Web Configuration Authentication Bypass
Vulnerability Description
This vulnerability could allow an attacker to hijack a session while a user is logged in the configuration web page. This vulnerability was discovered by a security researcher in B426 and found during internal product tests in B426-CN/B429-CN, and B426-M and has been fixed already starting from version 3.08 on, which was released on June 2019.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
访问控制不恰当
Vulnerability Title
Bosch多个产品访问控制错误漏洞
Vulnerability Description
Bosch B426等都是德国博世(Bosch)公司的一个固件。 Bosch多个产品存在访问控制错误漏洞,该漏洞源于lgs.cgi模块中使用硬编码的会话令牌。该漏洞允许远程攻击者绕过受影响的Bosch产品安装的身份验证。以下产品和版本受到影响:Bosch B426 Firmware < 03.08、Bosch B426-CN/B429- CN Firmware < 03.08、Bosch B426-M Firmware < 03.10。
CVSS Information
N/A
Vulnerability Type
N/A