Authentication bypass in SRN-4000 - CVE-2017-7912
Published: May 18, 2017 / Updated: May 19, 2017
Vulnerability identifier: #VU6602
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2017-7912
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Hanwha Techwin
Affected software:
SRN-4000
SRN-4000
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass authentication on the target system.
The weakness exists due to improper access control. A remote attacker can send a specially crafted HTTP request and gain access to the web management portal with admin privileges without proper authentication.
Successful exploitation of the vulnerability results in admin access to the device management page.
The weakness exists due to improper access control. A remote attacker can send a specially crafted HTTP request and gain access to the web management portal with admin privileges without proper authentication.
Successful exploitation of the vulnerability results in admin access to the device management page.
How to mitigate CVE-2017-7912
Update to version v2.16_170401.