1. EXECUTIVE SUMMARY
- CVSS v3 9.4
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Commend
- Equipment: WS203VICM
- Vulnerabilities: Argument Injection, Improper Access Control, Weak Encoding for Password
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive information or force the system to restart.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Commend reports that the following versions of the WS203VICM video door station are affected:
- WS203VICM: version 1.7 and prior
3.2 VULNERABILITY OVERVIEW
3.2.1 ARGUMENT INJECTION CWE-88
A remote, unauthenticated attacker may be able to send crafted messages to the web server of the Commend WS203VICM causing the system to restart, interrupting service.
CVE-2024-22182 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H).
3.2.2 IMPROPER ACCESS CONTROL CWE-284
A remote attacker may be able to bypass access control of Commend WS203VICM by creating a malicious request.
CVE-2024-21767 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.4 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H).
3.2.3 WEAK ENCODING FOR PASSWORD CWE-261
A wea
[…]