On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device’s web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults&src=RA reset and using the default credentials to get in.
CPE | Name | Operator | Version |
---|---|---|---|
room_alert_3e_firmware | lt | 2.2.5 |