Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unauthenticated modification of Radiflow iSAP Smart Collector configuration
Vulnerability Description
An unauthenticated user with management network access can get and modify the Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) configuration. The device has two web servers that expose unauthenticated REST APIs on the management network (TCP ports 8084 and 8086). An attacker can use these APIs to get access to all system settings, modify the configuration and execute some commands (e.g., system reboot).
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
Radiflow iSAP Smart Collector 安全漏洞
Vulnerability Description
Radiflow iSAP Smart Collector是美国Radiflow公司的一个为工业网络设计的远程流量采集与转发设备。 Radiflow iSAP Smart Collector存在安全漏洞,该漏洞源于管理网络上的未认证REST API,可能导致攻击者获取和修改系统配置。
CVSS Information
N/A
Vulnerability Type
N/A