CVE-2015-7924 - Multiple Security vulnerability in Ewon Firmware 10.0S0
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
eWON devices with firmware before 10.1s0 do not trigger the discarding of browser session data in response to a log-off action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
CWE-613: Insufficient Session Expiration (https://cwe.mitre.org/data/definitions/613.html)
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 1 |
Packetstorm
data source | https://packetstormsecurity.com/files/download/135069/ewon-xsrfsession.txt |
id | PACKETSTORM:135069 |
last seen | 2016-12-05 |
published | 2015-12-24 |
reporter | Karn Ganeshen |
source | https://packetstormsecurity.com/files/135069/eWON-XSS-CSRF-Session-Management-RBAC-Issues.html |
title | eWON XSS / CSRF / Session Management / RBAC Issues |