Vulnerability Information
Vulnerability Title
Broken Authentication on USER_CHANGE in Evolution Controller allows unauthenticated account creation and takeover
Vulnerability Description
The web interface of Evolution Controller versions 2.04.560.31.03.2024 and below contains poorly configured access control, allowing an unauthenticated attacker to update and add user profiles within the application and gain full access to the site.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
Improper Access Control
Vulnerability Title
DirectCyber Evolution Controller Access Control Error Vulnerability
Vulnerability Description
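DirectCyber Evolution Controller is door access controller software from DirectCyber, used to control physical access to facilities. DirectCyber Evolution Controller versions 2.04.560.31.03.2024 and earlier contain an access control error vulnerability. The vulnerability stems from poorly configured access control in the web interface, which allows an unauthenticated attacker to update and add user profiles in the application and gain full access to the site.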
CVSS Information
N/A
Vulnerability Type
N/A