N/A

GatesAir Flexiva-LX devices on firmware 1.0.13 and 2.0, including models LX100, LX300, LX600, and LX1000, expose sensitive session identifiers (sid) in the publicly accessible log file located at /log/Flexiva%20LX.log. An unauthenticated attacker can retrieve valid session IDs and hijack sessions without providing any credentials. This attack requires the legitimate user (admin) to have previously closed the browser window without logging out.

N/A

N/A

GatesAir Flexiva-LX Series 安全漏洞

GatesAir Flexiva-LX Series是美国GatesAir公司的一系列固态FM发射器。 GatesAir Flexiva-LX Series 1.0.13版本和2.0版本存在安全漏洞，该漏洞源于公开可访问的日志文件暴露敏感会话标识符，可能导致会话劫持。

N/A

N/A