uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to modify an administrative password via a password-change request.
CPE | Name | Operator | Version |
---|---|---|---|
advantech_webaccess | le | 6.0 | |
advantech_webaccess | eq | 5.0 |