CVE-2022-3083

All versions of Landis+Gyr E850 ZMQ200 are vulnerable to CWE-784: Reliance on Cookies Without Validation and Integrity. The device's web application navigation depends on the value of the session cookie. The web application could become inaccessible for the user if an attacker changes the cookie...

Input validation

All versions of Landis+Gyr E850 ZMQ200 are vulnerable to CWE-784: Reliance on Cookies Without Validation and Integrity. The device's web application navigation depends on the value of the session cookie. The web application could become inaccessible for the user if an attacker changes the cookie...

CVE-2022-3083

All versions of Landis+Gyr E850 ZMQ200 are vulnerable to CWE-784: Reliance on Cookies Without Validation and Integrity. The device's web application navigation depends on the value of the session cookie. The web application could become inaccessible for the user if an attacker changes the cookie...

CVE-2022-3083

CVE-2022-3083 affects all versions of Landis+Gyr E850 (ZMQ200). The vulnerability is CWE-784: Reliance on Cookies Without Validation and Integrity, where web application navigation depends on the session cookie value; an attacker changing cookie values could render the web interface inaccessible....

Landis+Gyr E850

1. EXECUTIVE SUMMARY CVSS v3 3.9 ATTENTION: Low attack complexity Vendor: Landis+Gyr Equipment: E850 ZMQ200 Vulnerability: Reliance on Cookies without Validation and Integrity 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service condition for the end...

hik-connect.com / ezvizlife.com Authentication Bypass

There is a full write up of this bug here: https://medium.com/@evstykas/hackvision-8f50924e56d Vulnerability Security Advisory ======================================================================= title: No validation on cookie values product: hik-connect.com and ezvizlife.com vulnerable versio...