2 matches found
AVTECH Room Alert 3E Exposure of Resource to Wrong Sphere (CVE-2019-13379)
On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device's web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults&src=RA reset and using the default credentials to get in. This plugin only works...
CVE-2019-13379
AVTECH Room Alert 3E devices with firmware versions prior to 2.2.5 are vulnerable to privilege escalation. An attacker who can access the device’s web interface can escalate from an unauthenticated user to administrator by sending cmd.cgi?action=ResetDefaults&src=RA reset and then using default c...