CVE-2023-0750

Yellobrik PEC-1864 implements authentication checks via javascript in the frontend interface. When the device can be accessed over the network an attacker could bypass authentication. This would allow an attacker to : - Change the password, resulting in a DOS of the users - Change the streaming source, compromising the integrity of the stream - Change the streaming destination, compromising the confidentiality of the stream This issue affects Yellowbrik: PEC 1864. No patch has been issued by the manufacturer as this model was discontinued.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:lynx-technik:yellobrik_pec_1864_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:lynx-technik:yellobrik_pec_1864:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:37

Type Values Removed Values Added
References () https://support.lynx-technik.com/support/solutions/articles/1000317081-pec-1864-web-ui-for-configuration - Vendor Advisory () https://support.lynx-technik.com/support/solutions/articles/1000317081-pec-1864-web-ui-for-configuration - Vendor Advisory

18 Apr 2023, 17:49

Type Values Removed Values Added
New CVE

Information

Published : 2023-04-06 14:15

Updated : 2024-11-21 07:37


NVD link : CVE-2023-0750

Mitre link : CVE-2023-0750

CVE.ORG link : CVE-2023-0750


JSON object : View

Products Affected

lynx-technik

  • yellobrik_pec_1864
  • yellobrik_pec_1864_firmware
CWE
CWE-602

Client-Side Enforcement of Server-Side Security

CWE-311

Missing Encryption of Sensitive Data