CVE-2019-9484 Information

Description

The Glen Dimplex Deutschland GmbH implementation of the Carel pCOWeb configuration tool allows remote attackers to obtain access via an HTTP session on port 10000 as demonstrated by reading the modem password (which is 1234) or reconfiguring \party mode\ or \vacation mode.\

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://medium.com/@SergiuSechel/insecure-permissions-in-glen-dimplex-deutschland-gmbh-implementation-of-carel-pcoweb-configuration-ca3896f24835

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

7.5