
CVE-2020-21991

Description

AVE DOMINAplus <=1.10.x suffers from an authentication bypass vulnerability due to a missing control check when the autologin GET parameter is passed directly to the changeparams.php script. Setting the autologin value to 1 allows an unauthenticated attacker to permanently disable the authentication security control and access the management interface with admin privileges without providing credentials.


Affected Software


CPE Name                 Name                     Version
ave:dominaplus           ave dominaplus           1.10.77
ave:53ab-wbs_firmware    ave 53ab-wbs firmware    1.10.62
ave:ts01_firmware        ave ts01 firmware        1.0.65
ave:ts03x-v_firmware     ave ts03x-v firmware     1.10.45a
ave:ts04x-v_firmware     ave ts04x-v firmware     1.10.45a
ave:ts05_firmware        ave ts05 firmware        1.10.36
ave:ts05n-v_firmware     ave ts05n-v firmware     -
