ControlByWeb X-320M ICSA-19-017-03 Authentication Bypass and Cross-site Scripting Vulnerabilities
BID:106655
CVE-2018-18881 | CVE-2018-18882
| Bugtraq ID: | 106655 |
| Class: | Input Validation Error |
| CVE: | CVE-2018-18881, CVE-2018-18882 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 17 2019 12:00AM |
| Updated: | Jan 17 2019 12:00AM |
| Credit: | John Elder and Tom Westenberg of Applied Risk |
| Vulnerable: | ControlByWeb X-320M-I 1.05 |
| Not Vulnerable: | ControlByWeb X-320M-I 1.06 |
Discussion
ControlByWeb X-320M is prone to a cross-site scripting vulnerability and an authentication-bypass vulnerability.
Attackers can exploit these issues to execute arbitrary code in the context of the browser, obtain sensitive information, or cause a denial-of-service attack; other attacks may also be possible.
X-320M-I firmware revisions v1.05 and prior are vulnerable.
References
- X-320M Web-Enabled Weather Station Product Page (ControlByWeb)
- ICSA-19-017-03 ControlByWeb X-320M (CERT)