N/A

The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to gain a root shell on the device itself abusing the lack of authentication of the ‘su’ binary file installed on the device that can be accessed through the ADB (Android Debug Bridge) protocol exposed on the network.

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

关键功能的认证机制缺失

Bosch ctrlX HMI Web Panel WR21 访问控制错误漏洞

Bosch ctrlX HMI Web Panel WR21是德国博世（Bosch）公司的一款 HMI 面板。 Bosch ctrlX HMI Web Panel WR21版本存在安全漏洞，该漏洞源于允许有权访问TPC-110W设备子网的非特权攻击者获取root权限并滥用设备上的su二进制文件。

N/A

N/A