CVE-2021-46416

High

Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to unauthorized user groups accessing due to…

mitre·CWE-639·Published 2022-04-07

CVSS

8.1

EPSS

0.07

KEV

Exploits

cve.orgen

158 chars

Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to unauthorized user groups accessing due to insecure cookie handling.

NVDen

158 chars

Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to unauthorized user groups accessing due to insecure cookie handling.

NVDes

196 chars

Una referencia directa a objetos no segura en SUNNY TRIPOWER versión 5.0 firmware 3.10.16.R, que conlleva a un acceso de grupos de usuarios no autorizados debido al manejo no seguro de las cookies

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.5	8.0	4.9	AV:N/AC:L/Au:S/C:P/I:P/A:N
3.1	Primary	NVD	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N