Vulnerabilities > CVE-2021-35336 - Insecure Default Initialization of Resource vulnerability in Tieline IP Audtio Gateway Firmware 2.6.4.8

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

tieline

CWE-1188

critical

NVD

Published: 2021-07-01

Updated: 2022-07-12

Summary

Tieline IP Audio Gateway 2.6.4.8 and below is affected by Incorrect Access Control. A vulnerability in the Tieline Web Administrative Interface could allow an unauthenticated user to access a sensitive part of the system with a high privileged account.

Vulnerable Configurations

Part	Description	Count
OS	Tieline Tieline IP Audtio Gateway Firmware - Tieline IP Audtio Gateway Firmware 2.6.4.8	2
Hardware	Tieline Tieline IP Audtio Gateway -	1

Common Weakness Enumeration (CWE)

CWE-1188 - Insecure Default Initialization of Resource

References

https://pratikkhalane91.medium.com/use-of-default-credentials-to-unauthorised-remote-access-of-internal-panel-of-tieline-c1ffe3b3757c