Common vulnerabilities and Exposures (CVE)

Skip to main content

Required CVE Record Information

Description

Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit the vulnerability, attackers have to request the session ID at the same time as a valid user logs in, and gain device operation permissions by forging the IP and session ID of an authenticated user.

CVSS 1 Total

Learn more
ScoreSeverityVersionVector String
7.5HIGH3.1CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Product Status

Learn more

Versions 1 Total

Default Status: unknown

affected

  • affected from V1.4.0_build221212 before V1.4.0_build221212 

Versions 1 Total

Default Status: unknown

affected

  • affected from V3.2.30_build221223 before V3.2.30_build221223 

Versions 1 Total

Default Status: unknown

affected

  • affected from V3.2.30_build221223 before V3.2.30_build221223 

Versions 1 Total

Default Status: unknown

affected

  • affected from V3.14.0_build230117 before V3.14.0_build230117 

Versions 1 Total

Default Status: unknown

affected

  • affected from V3.3.8_build230112 before V3.3.8_build230112 

Versions 1 Total

Default Status: unknown

affected

  • affected from V3.5.0_build220706 before V3.5.0_build220706 

Credits

  • Andres Hinnosaar

Updated:

This container includes required additional information provided by the CVE Program for this vulnerability.

Authorized Data Publishers

Learn more