CRITICAL🇬🇧 English

CVE-2019-6527

CVSS 9.8v3.1pub. 2019-02-12upd. 2024-11-21

PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) may allow an attacker to be able to change the password for an admin user who is currently or previously logged in, provided the device has not been restarted.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Kunbus Pr100088 Modbus Gateway

    HW
    Kunbus
    wszystkie wersje
  • Kunbus Pr100088 Modbus Gateway Firmware

    OS
    Kunbus
    < r02
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2019-6533CRITICAL9.1ten sam produkt

Registers used to store Modbus values can be read and written from the web interface without authentication in...

CVE-2019-6531HIGH8.1ten sam produkt

An attacker could retrieve passwords from a HTTP GET request from the Kunbus PR100088 Modbus gateway versions ...

CVE-2019-6549HIGH7.2ten sam produkt

An attacker could retrieve plain-text credentials stored in a XML file on PR100088 Modbus gateway versions pri...

CVE-2019-6529MEDIUM4.9ten sam produkt

An attacker could specially craft an FTP request that could crash the PR100088 Modbus gateway versions prior t...

CVE-2025-41646CRITICAL9.8PL ✓ten sam vendor

Obejście uwierzytelnienia w Kunbus RevPi Status poprzez błędną konwersję typów