CVE-2023-0750 — CRITICAL (9.8)

Vulnerability Description

Yellobrik PEC-1864 implements authentication checks via javascript in the frontend interface. When the device can be accessed over the network an attacker could bypass authentication. This would allow an attacker to : - Change the password, resulting in a DOS of the users - Change the streaming source, compromising the integrity of the stream - Change the streaming destination, compromising the confidentiality of the stream This issue affects Yellowbrik: PEC 1864. No patch has been issued by the manufacturer as this model was discontinued.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Lynx-Technik	Yellobrik Pec 1864 Firmware	-
Lynx-Technik	Yellobrik Pec 1864	-

Related Weaknesses (CWE)

CWE-311 CWE-602

References

https://support.lynx-technik.com/support/solutions/articles/1000317081-pec-1864-Vendor Advisory
https://support.lynx-technik.com/support/solutions/articles/1000317081-pec-1864-Vendor Advisory

FAQ

What is CVE-2023-0750?

CVE-2023-0750 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Yellobrik PEC-1864 implements authentication checks via javascript in the frontend interface. When the device can be accessed over the network an attacker could bypass authentication. This would ...

How severe is CVE-2023-0750?

CVE-2023-0750 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2023-0750?

Check the references section above for vendor advisories and patch information. Affected products include: Lynx-Technik Yellobrik Pec 1864 Firmware, Lynx-Technik Yellobrik Pec 1864.