Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable an authentication profile server via crafted HTTP requests.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
Q-Free MAXTIME Suite 访问控制错误漏洞
Vulnerability Description
Q-Free MAXTIME Suite是Q-Free公司的一个用于本地交通信号管理的软件套件。 Q-Free MAXTIME Suite 2.11.0版本及之前版本存在访问控制错误漏洞,该漏洞源于maxprofile/setup/routes.lua中的关键功能缺少身份验证。攻击者利用该漏洞可以通过特制的HTTP请求启用身份验证配置文件服务器。
CVSS Information
N/A
Vulnerability Type
N/A