| tiêu đề | yzro Networks Smart S85F management platform has a vulnerability in improper password reset |
|---|
| Mô tả | The system under consideration contains a high vulnerability that allows unauthorized users to reset the password of the admin account. This vulnerability arises due to an insecure POST request method in the system's password reset functionality.
By sending a POST request with the parameters mode=findpwd&find_username=admin&txt_newpwd=123456, an attacker can initiate a password reset for the 'admin' account without proper authentication or authorization. |
|---|
| Nguồn | ⚠️ https://github.com/Changboqian/cve/blob/main/reset_password_improperly.md |
|---|
| Người dùng | changboqian (UID 57692) |
|---|
| Đệ trình | 03/11/2023 07:55 (cách đây 3 những năm) |
|---|
| Kiểm duyệt | 11/11/2023 09:29 (8 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 244992 [Byzoro Smart S85F Management Platform V31R02B10-01 /login.php txt_newpwd nâng cao đặc quyền] |
|---|
| điểm | 20 |
|---|