N/A

Econolite EOS versions prior to 3.2.23 lack a password requirement for gaining “READONLY” access to log files and certain database and configuration files. One such file contains tables with MD5 hashes and usernames for all defined users in the control software, including administrators and technicians.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

访问控制不恰当

Econolite EOS traffic control software 访问控制错误漏洞

Econolite EOS traffic control software是Econolite公司的控制所有 Econolite 交通硬件的交通控制软件。 Econolite EOS traffic control software 3.2.23之前版本存在访问控制错误漏洞，该漏洞源于其访问控制不当并且缺乏获取日志文件以及某些数据库和配置文件的READONLY访问权限的密码要求。

N/A

N/A