CVE-2020-35585 - Improper Restriction of Excessive Authentication Attempts vulnerability in Mersive Solstice POD Firmware
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE
Summary
In Solstice Pod before 3.3.0 (or Open4.3), the screen key can be enumerated using brute-force attacks via the /lookin/info Solstice Open Control API because there are only 1.7 million possibilities.
References
- https://documentation.mersive.com/content/pages/release-notes.htm
- https://github.com/aress31/solstice-pod-cves
- https://www.mersive.com/uk/products/solstice/