An authenticated attacker can execute arbitrary code using command ejection in Eltex ESP-200 firmware version 1.2.0.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-77,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| eltex | esp-200_firmware | 1.2.0 |
An authenticated attacker with low privileges can extract password hash information for all users in Eltex ESP-200 firmware version 1.2.0.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| eltex | esp-200_firmware | 1.2.0 |
An authenticated attacker with low privileges can activate high privileged user and use it to expand attack surface in Eltex ESP-200 firmware version 1.2.0.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| eltex | esp-200_firmware | 1.2.0 |
An authenticated attacker with low privileges can use insecure sudo configuration to expand attack surface in Eltex ESP-200 firmware version 1.2.0.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| eltex | esp-200_firmware | 1.2.0 |
An attacker without authentication can login with default credentials for privileged users in Eltex ESP-200 firmware version 1.2.0.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-798,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| eltex | esp-200_firmware | 1.2.0 |