漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
A session hijacking vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters. Unauthenticated attackers can access exposed log files (/logs/debug/xteLog*), potentially revealing sensitive session-related information such as session IDs (sess_id) and authentication success tokens (user_check_password OK). Exploiting this flaw could allow attackers to hijack active sessions, gain unauthorized access, and escalate privileges on affected devices.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
GatesAir Maxiva 安全漏洞
Vulnerability Description
GatesAir Maxiva是美国GatesAir公司的一系列发射器。 GatesAir Maxiva存在安全漏洞,该漏洞源于Web管理界面中存在会话劫持漏洞。未经身份验证的攻击者可以访问暴露的日志文件。
CVSS Information
N/A
Vulnerability Type
N/A