Improper authentication in SAGA1-L - CVE-2018-17923
Published: October 24, 2018
Vulnerability identifier: #VU15510
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-17923
CWE-ID: CWE-287
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: GAIN Electronic
Affected software:
SAGA1-L
SAGA1-L
Detailed vulnerability description
The vulnerability allows a physical attacker to bypass authentication on the target system.
The vulnerability exists due to improper access control. An attacker with physical access to the product can reprogram it.
How to mitigate CVE-2018-17923
Update to version A0.10.