CyberSec.Space Logo
返回 CVE 浏览器

CVE-2021-33842

HIGH
8.8
CVSS Severity Score
EPSS Score0.1180%
EPSS Percentile19.63th
Published2021年6月9日
Last Modified2024年11月21日

Vulnerability Description

Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware version 0.9.2b allows an attacker to perform operations as an authenticated user. In order to exploit this vulnerability, the attacker must be within the network where the device affected is located.

Affected Platforms (CPE)

💻
Circutor

Sge Plc1000 Firmware

= 0.9.2b

References & Advisories

🔗 https://www.incibe.es/en/incibe-cert/notices/aviso-sci/circutor-sge-plc1000-improper-authentication
🔗 https://www.incibe.es/en/incibe-cert/notices/aviso-sci/circutor-sge-plc1000-improper-authentication

相关漏洞威胁

CVE-2021-3384110.0

SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle some requests correctly, allowing a remote attacker to inject ...

CVE-2021-4155610.0

sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to ...

CVE-2021-3467910.0

Thycotic Password Reset Server before 5.3.0 allows credential disclosure.

CVE-2021-021110.0

An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon ...