Lucene search

NCSC.chCVELIST:CVE-2023-0750

HistoryApr 06, 2023 - 1:12 p.m.

CVE-2023-0750 Yellowbrik PEC-1864 authentication bypass

2023-04-0613:12:11

CWE-602

NCSC.ch

www.cve.org

yellowbrik

pec-1864

authentication

bypass

cve-2023-0750

network access

password change

dos

streaming source

integrity compromise

streaming destination

confidentiality compromise

discontinued model

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.003

Percentile

68.4%

JSON

Yellobrik PEC-1864 implements authentication checks via javascript in the frontend interface. When the device can be accessed over the network an attacker could bypass authentication.

This would allow an attacker to :

Change the password, resulting in a DOS of the users
Change the streaming source, compromising the integrity of the stream
Change the streaming destination, compromising the confidentiality of the stream

This issue affects Yellowbrik: PEC 1864. No patch has been issued by the manufacturer as this model was discontinued.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Yellowbrik",
    "vendor": "Lynx Technik AG",
    "versions": [
      {
        "status": "affected",
        "version": "PEC 1864"
      }
    ]
  }
]

References

support.lynx-technik.com/support/solutions/articles/1000317081-pec-1864-web-ui-for-configuration

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.003

Percentile

68.4%

JSON

Related for CVELIST:CVE-2023-0750