Latest Security News about incorrect access control

Incorrect Control over DrayTek Vigor Router

Overview : On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. NOTE: this is an end-of-life product. On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a crafted WAN name on the General Setup screen. NOTE: this is an end-of-life product. Affected Product(s) […]

FiberHome HG2201T Pre-Auth RCE

Overview : FiberHome HG2201T 1.00.M5007_JS_201804 devices allow pre-authentication Directory Traversal for reading arbitrary files. Affected Product(s) : FiberHome HG2201T Vulnerability Details : CVE ID : CVE-2019-17187 Incorrect Access Control/Directory Traversal /var/WEB-GUI/cgi-bin/downloadfile.cgi on FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication Directory Traversal for reading arbitrary files. Solution : Apply the vendor Security Patch

Rockwell Automation RSLinx Classic versions 4.1.00 and prior: an authenticated local attacker could modify a registry key

Overview : In Rockwell Automation RSLinx Classic versions 4.1.00 and prior, an authenticated local attacker could modify a registry key, which could lead to the execution of malicious code using system privileges when opening RSLinx Classic. ICS Advisory (ICSA-20-100-01) Rockwell Automation RSLinx Classic Legal Notice All information products included in https://us-cert.gov/ics are provided "as is" for informational [...]

Apache HTTP Server 2.4 vulnerabilities

Overview : In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. CVE-2020-1927   Apache HTTP Server 2.4 vulnerabilities This page lists all security vulnerabilities fixed in released versions [...]

Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service.

Overview : Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service. CVE-2020-10940   PHOENIX CONTACT Local Privilege Escalation in Portico Remote desktop control software VDE-2020-013 (2020-03-27 10:48 UTC+0100) CVE Identifier CVE-2020-10940 Severity 7.8 (CVSS:3.1:AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) Affected Vendors PHOENIX CONTACT Affected Products Product Article Number Affected [...]