Polyeco300 Firmware Security Vulnerabilities and Issues — Polyeco300 Firmware CVE List

Lucene search

SielcoPolyeco300 Firmware

5 matches found

CVE•added 2023/10/26 9:15 p.m.•44 views

CVE-2023-46664

Sielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages.

9.1CVSS8.5AI score0.00019EPSS

CVE•added 2023/10/26 8:15 p.m.•43 views

CVE-2023-0897

Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests.

9.8CVSS9.2AI score0.00082EPSS

CVE•added 2023/10/26 8:15 p.m.•38 views

CVE-2023-46661

Sielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests.

9.8CVSS9.5AI score0.00082EPSS

CVE•added 2023/10/26 9:15 p.m.•38 views

CVE-2023-46665

Sielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to an attacker modifying passwords in a POST request and gain unauthorized access to the affected device with administrative privileges.

9.8CVSS9.7AI score0.00016EPSS

CVE•added 2023/10/26 8:15 p.m.•30 views

CVE-2023-5754

Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.

9.8CVSS9.8AI score0.0008EPSS