CVE-2015-7924 - Unspecified vulnerability in Ewon Firmware 10.0S0

CVSS 8.8 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH

Summary

eWON devices with firmware before 10.1s0 do not trigger the discarding of browser session data in response to a log-off action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

Vulnerable Configurations

Part: OS
Description: Ewon
Count: 1

Packetstorm

data source: https://packetstormsecurity.com/files/download/135069/ewon-xsrfsession.txt
id: PACKETSTORM:135069
last seen: 2016-12-05
published: 2015-12-24
reporter: Karn Ganeshen
source: https://packetstormsecurity.com/files/135069/eWON-XSS-CSRF-Session-Management-RBAC-Issues.html
title: eWON XSS / CSRF / Session Management / RBAC Issues