HIGH🇬🇧 English

CVE-2025-49181

CVSS 8.6v3.1pub. 2025-06-12upd. 2026-02-03

Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET requests to gather sensitive information. An attacker could also send HTTP POST requests to modify the log files’ root path as well as the TCP ports the service is running on, leading to a Denial of Service attack.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
  • Sick Media Server

    APP
    Sick
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
DoS
CWE
Referencje

Powiązane podatności

CVE-2025-49194HIGH7.5ten sam produkt

The server supports authentication methods in which credentials are sent in plaintext over unencrypted channel...

CVE-2025-49183HIGH7.5ten sam produkt

All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between a...

CVE-2025-49182HIGH7.5ten sam produkt

Files in the source code contain login credentials for the admin user and the property configuration password,...

CVE-2025-49195MEDIUM5.3ten sam produkt

The FTP server’s login mechanism does not restrict authentication attempts, allowing an attacker to brute-forc...

CVE-2025-49197MEDIUM6.5ten sam produkt

The application uses a weak password hash function, allowing an attacker to crack the weak password hash to ga...