16 matches found
CVE-2023-31445
Cassia Access controller before 2.1.1.2203171453, was discovered to have a unprivileged -information disclosure vulnerability that allows read-only users have the ability to enumerate all other users and discover e-mail addresses, phone numbers, and privileges of all other users...
CVE-2023-35794
An issue was discovered in Cassia Access Controller 2.1.1.2303271039. The Web SSH terminal endpoint spawned console can be accessed without authentication. Specifically, there is no session cookie validation on the Access Controller; instead, there is only Basic Authentication to the SSH console...
Design/Logic Flaw
An issue was discovered in Cassia Access Controller 2.1.1.2303271039. The Web SSH terminal endpoint spawned console can be accessed without authentication. Specifically, there is no session cookie validation on the Access Controller; instead, there is only Basic Authentication to the SSH console...
Cassia Networks Access Controller Security Vulnerability
Cassia Networks Access Controller is an application from Cassia Networks, Inc. provides a powerful IoT network management solution. A security vulnerability exists in Cassia Access Controller version 2.1.1.2303271039 that originates from accessing a Web SSH terminal endpoint without authenticatio...
CVE-2023-35794
An issue was discovered in Cassia Access Controller 2.1.1.2303271039. The Web SSH terminal endpoint spawned console can be accessed without authentication. Specifically, there is no session cookie validation on the Access Controller; instead, there is only Basic Authentication to the SSH console...
PT-2023-25318 · Cassia · Cassia Access Controller
Name of the Vulnerable Software and Affected Versions: Cassia Access Controller version 2.1.1.2303271039 Description: An issue was discovered in the Cassia Access Controller where the Web SSH terminal endpoint, also known as the spawned console, can be accessed without proper authentication. The...
The vulnerability of the IoT Cassia Access Controller’s access control software allows a hacker to perform a CSRF attack.
The vulnerability of the IoT Cassia Access Controller software for managing access to wireless networks is related to insufficient verification of the authenticity of the requests being made. Exploiting this vulnerability could allow a malicious actor to execute a CSRF attack from a remote locati...
CVE-2023-35793
An issue was discovered in Cassia Access Controller 2.1.1.2303271039. Establishing a web SSH session to gateways is vulnerable to Cross Site Request Forgery CSRF attacks...
CVE-2023-35793
An issue was discovered in Cassia Access Controller 2.1.1.2303271039. Establishing a web SSH session to gateways is vulnerable to Cross Site Request Forgery CSRF attacks...
CVE-2023-35793
Cassia Networks Cassia Access Controller 2.1.1.2303271039 exposes a CSRF vulnerability in the Web SSH session to gateways. Root cause appears related to insufficient authentication of executed requests, enabling CSRF when establishing a web SSH session. Affected component: Web SSH/session establi...
CVE-2023-35793
An issue was discovered in Cassia Access Controller 2.1.1.2303271039. Establishing a web SSH session to gateways is vulnerable to Cross Site Request Forgery CSRF attacks...
PT-2023-5722 · Unknown · Cassia Access Controller
Name of the Vulnerable Software and Affected Versions: Cassia Access Controller version 2.1.1.2303271039 Description: The issue is related to insufficient authentication of executed requests in the Cassia Access Controller, which can allow a remote attacker to perform a Cross Site Request Forgery...
CVE-2023-31445
Cassia Access controller before 2.1.1.2203171453, was discovered to have a unprivileged -information disclosure vulnerability that allows read-only users have the ability to enumerate all other users and discover e-mail addresses, phone numbers, and privileges of all other users...
CVE-2023-31445
Cassia Access controller before 2.1.1.2203171453, was discovered to have a unprivileged -information disclosure vulnerability that allows read-only users have the ability to enumerate all other users and discover e-mail addresses, phone numbers, and privileges of all other users...
Design/Logic Flaw
Cassia Access controller before 2.1.1.2203171453, was discovered to have a unprivileged -information disclosure vulnerability that allows read-only users have the ability to enumerate all other users and discover e-mail addresses, phone numbers, and privileges of all other users...
Cassia Networks Access Controller 路径遍历漏洞
Cassia Networks Access Controller is an application from Cassia USA, Inc. provides a powerful IoT network management solution. Cassia Networks Access Controller suffers from a path traversal vulnerability that can be exploited by an attacker to view any file on a server using a relative path...