CyberSec.Space Logo
Back to CVE Browser

CVE-2021-33842

HIGH
8.8
CVSS Severity Score
EPSS Score0.1180%
EPSS Percentile19.63th
PublishedJun 9, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware version 0.9.2b allows an attacker to perform operations as an authenticated user. In order to exploit this vulnerability, the attacker must be within the network where the device affected is located.

Affected Platforms (CPE)

💻
Circutor

Sge Plc1000 Firmware

= 0.9.2b

References & Advisories

🔗 https://www.incibe.es/en/incibe-cert/notices/aviso-sci/circutor-sge-plc1000-improper-authentication
🔗 https://www.incibe.es/en/incibe-cert/notices/aviso-sci/circutor-sge-plc1000-improper-authentication

Related Vulnerabilities

CVE-2021-3384110.0

SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle some requests correctly, allowing a remote attacker to inject ...

CVE-2021-4155610.0

sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to ...

CVE-2021-2732910.0

Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or HTTP requests to arbitrary domain names.

CVE-2021-138810.0

A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could a...