2 matches found
Design/Logic Flaw
An issue was discovered on Eminent EM4544 9.10 devices. The device does not require the user's current password to set a new one within the web interface. Therefore, it is possible to exploit this issue e.g., in combination with a successful XSS, or at an unattended workstation to change the admi...
CVE-2018-12073
CVE-2018-12073 affects Eminent EM4544 9.10 devices. The web interface does not require the current password to set a new one, allowing an attacker to change the admin password to a chosen value. This can be exploited in conjunction with an XSS vulnerability or at an unattended workstation. Root c...