Security restrictions bypass in Siemens TIM 1531 IRC
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2018-4841 |
| CWE-ID | CWE-303 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
TIM 1531 IRC Hardware solutions / Firmware |
| Vendor | Siemens |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Security restrictions bypass
EUVDB-ID: #VU11443
Risk: Low
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-4841
CWE-ID:
CWE-303 - Incorrect Implementation of Authentication Algorithm
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions.
The weakness exists due to incorrect implementation of authentication algorithm. A remote attacker with network access to Port 80/TCP or Port 443/TCP can bypass security restrictions and perform administrative operations on the device, cause DoS condition, gain read or write access to arbitrary data on the target system.
Update to version 1.1.
Vulnerable software versionsTIM 1531 IRC: All versions
CPE2.3 External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
