2 matches found
Access Control Bypass
Overview genieacs is an A TR-069 Auto Configuration Server ACS Affected versions of this package are vulnerable to Access Control Bypass via the NBI API endpoint. An attacker can gain unauthorized access to sensitive functionality or data by sending unauthenticated requests. Remediation There is ...
CVE-2021-46704
In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument lib/ui/api.ts and lib/ping.ts. The vulnerability arises from insufficient input validation combined with a missing authorization check...