CVE-2015-7924 - Multiple Security vulnerability in Ewon Firmware 10.0S0

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: network, low complexity, ewon

Summary

eWON devices with firmware before 10.1s0 do not trigger the discarding of browser session data in response to a log-off action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. CWE-613: Insufficient Session Expiration (https://cwe.mitre.org/data/definitions/613.html)

Vulnerable Configurations

Part    Description    Count
OS      Ewon           1

Packetstorm

data source: https://packetstormsecurity.com/files/download/135069/ewon-xsrfsession.txt
id: PACKETSTORM:135069
last seen: 2016-12-05
published: 2015-12-24
reporter: Karn Ganeshen
source: https://packetstormsecurity.com/files/135069/eWON-XSS-CSRF-Session-Management-RBAC-Issues.html
title: eWON XSS / CSRF / Session Management / RBAC Issues