Improper session management in Elber REBLE310 Firmware v5.5.1.R , Equipment Model: REBLE310/RX10/4ASI allows attackers to execute a session hijacking attack.
Improper session management (CWE-384) in the Elber REBLE310 device allows an attacker to hijack an active session of an authenticated user. The attack is possible remotely, without authentication and without user interaction. By exploiting the hijacked session, the attacker gains access to the functions and data available to the logged-in user.
An attacker can completely hijack the session of an authenticated user, resulting in unauthorized access to sensitive data, the ability to modify device configuration, and potential disruption of its operation.
Patches available from the manufacturer should be applied according to the references. It is also recommended to restrict network access to the device management interface and monitor active sessions.
Elber REBLE310 Firmware v5.5.1.R, device model: REBLE310/RX10/4ASI
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H