Vulnerabilities > CVE-2020-35584 - Unspecified vulnerability in Mersive Solstice POD Firmware

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

mersive

NVD

Published: 2020-12-23

Updated: 2021-07-21

Summary

In Solstice Pod before 3.0.3, the web services allow users to connect to them over unencrypted channels via the Browser Look-in feature. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the web services and obtain any information the user supplies, including Administrator passwords and screen keys.

Vulnerable Configurations

Part	Description	Count
OS	Mersive Mersive Solstice POD Firmware - Mersive Solstice POD Firmware 2.6.0 Mersive Solstice POD Firmware 2.6.2 Mersive Solstice POD Firmware 2.7.0 Mersive Solstice POD Firmware 2.7.2 Mersive Solstice POD Firmware 2.7.3 Mersive Solstice POD Firmware 2.8.0 Mersive Solstice POD Firmware 2.8.4 Mersive Solstice POD Firmware 2.8.7 Mersive Solstice POD Firmware 2.8.9 Mersive Solstice POD Firmware 3.0.1	11
Hardware	Mersive Mersive Solstice POD -	1

Summary

Vulnerable Configurations

References