CSAL#52
Security Notification # CSAL52

Advisory Title: Unprivileged Access of Privilege URLs

Document ID: TAS/PRD/GEN/SN-CSAL#52
Document Name: Security Notification # CSAL52
Doc. Rev.: 0

Publication Date: 15-Jan-24
Incident Source: CSAL52
CVE / Vulnerability Reference: OWASP(A5)

Last Update: 06-Feb-24
Reported By: Valency Networks Testing Agency
Advisory ID#: Posting Not Started Yet

Current Version: WP500 FW 0.6.6
CVSS Score: 9

Vulnerability Description
Unprivileged access to privileged URLs (i.e. URLs/links that should be accessible only after login) is possible. If an attacker simply knows the URL, they can enter it manually in the browser and press Enter, after which the content or data of that URL is accessible to any user without any validation or authorization.

Impact
The presence of a vulnerability that allows unprivileged access to privileged URLs within a system poses a critical threat to the security and integrity of the system's data and operations. By exploiting this vulnerability, unauthorized users can bypass authentication and authorization mechanisms simply by knowing or guessing the URL of a sensitive resource. This direct access can lead to several adverse outcomes.

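The server-side check whose absence is described above, as an added example that is not WP500 firmware or vendor code: a request dispatcher that requires a valid session for every path not on an explicit public allow-list, plus a regression check that lists any protected route answering without a session. The paths, handlers, session store and function names are hypothetical, and Python is used only for illustration.

```python
# Added illustration: deny-by-default access control for a device web UI.
# All paths, handlers and the in-memory session store are hypothetical.
import secrets

PUBLIC_PATHS = {"/login", "/static/style.css"}  # explicit allow-list
SESSIONS = {}  # session token -> username

ROUTES = {
    "/login": lambda user: "login form",
    "/static/style.css": lambda user: "body{}",
    "/dashboard": lambda user: f"dashboard for {user}",
    "/config/network": lambda user: f"network settings ({user})",
}

def login(username):
    """Issue an unguessable token; call only after credentials are verified."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = username
    return token

def dispatch(path, session_token=None):
    """Return (status, body) for a request.

    The session check runs before route lookup, so a handler added later
    cannot omit it and unauthenticated clients cannot enumerate routes.
    """
    user = SESSIONS.get(session_token) if session_token else None
    if path not in PUBLIC_PATHS and user is None:
        return 401, "login required"
    handler = ROUTES.get(path)
    if handler is None:
        return 404, "not found"
    return 200, handler(user)

def audit_unauthenticated():
    """Regression check: non-public routes that answer 200 without a session."""
    return sorted(p for p in ROUTES
                  if p not in PUBLIC_PATHS and dispatch(p)[0] == 200)

if __name__ == "__main__":
    print(dispatch("/config/network"))                  # no session
    print(dispatch("/config/network", login("admin")))  # valid session
    print("exposed routes:", audit_unauthenticated())
```

Running `audit_unauthenticated()` as part of release testing catches a protected page that starts answering without login before the build ships.
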
Affected products
WP500 Firmware 0.65 Version

Temporary Fix / Mitigation
Please update to firmware version 0.6.6.

Acknowledgment
Valency Networks, Pune

History
NA

Classification of Vulnerability