Vulnerabilities > CVE-2014-8384 - Authentication Bypass vulnerability in Infocus In3128Hd Firmware 0.26
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The InFocus IN3128HD projector with firmware 0.26 does not restrict access to cgi-bin/webctrl.cgi.elf, which allows remote attackers to modify the DHCP server and device IP configuration, reboot the device, change the device name, and have other unspecified impact via a crafted request. <a href="http://cwe.mitre.org/data/definitions/306.html">Missing Authentication for Critical Function</a>
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 1 | |
| Hardware | 1 |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/131661/CORE-2015-0008.txt |
| id | PACKETSTORM:131661 |
| last seen | 2016-12-05 |
| published | 2015-04-28 |
| reporter | Core Security Technologies |
| source | https://packetstormsecurity.com/files/131661/InFocus-IN3128HD-Projector-Missing-Authentication.html |
| title | InFocus IN3128HD Projector Missing Authentication |