Vulnerabilities > CVE-2021-26637 - Missing Authorization vulnerability in Shinasys products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
There is no account authentication and permission check logic in the firmware and existing apps of SiHAS's SGW-300, ACM-300, GCM-300, so unauthorized users can remotely control the device.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 6 | |
Hardware | 3 |