Design/Logic Flaw

2024-01-1602:15:00

PRIOn knowledge base

www.prio-n.com

design flaw

logic flaw

moko technology ltd

remote attacker

privilege escalation

session management

administrative web interface

nvd

7.5 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

43.1%

JSON

An issue in MOKO TECHNOLOGY LTD MOKOSmart MKGW1 BLE Gateway v.1.1.1 and before allows a remote attacker to escalate privileges via the session management component of the administrative web interface.

CPENameOperatorVersion
mkgw1_gateway_firmwarele1.1.1

CPE	Name	Operator	Version
	mkgw1_gateway_firmware	le	1.1.1

References

github.com/sbaresearch/advisories/tree/public/2022/SBA-ADV-20220120-01_MOKOSmart_MKGW1_Gateway_Improper_Session_Management

www.mokosmart.com/wp-content/uploads/2019/10/GS-gateway.pdf