CVE-2021-33842

High

Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware version 0.9.2b allows an attacker to perform…

INCIBE·CWE-565·Published 2021-06-09

CVSS

8.8

EPSS

0.00

KEV

Exploits

cve.orgen

294 chars

Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware version 0.9.2b allows an attacker to perform operations as an authenticated user. In order to exploit this vulnerability, the attacker must be within the network where the device affected is located.

NVDen

294 chars

NVDes

324 chars

Una vulnerabilidad de Autenticación Inapropiada en el parámetro cookies de Circutor SGE-PLC1000 versión del firmware 0.9.2b, permite a un atacante llevar a cabo operaciones como un usuario autenticado. Para explotar esta vulnerabilidad, el atacante debe estar dentro de la red donde se encuentra el dispositivo afectado

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.7	5.1	10.0	AV:A/AC:L/Au:S/C:C/I:C/A:C
3.1	Primary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H