Qolsys IQ Panel (aka QOL) before 1.5.1 has hardcoded cryptographic keys, which allows remote attackers to create digital signatures for code by leveraging knowledge of a key from a different installation.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-255,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| qolsys | iq_panel | * |
Qolsys IQ Panel (aka QOL) before 1.5.1 does not verify the digital signatures of software updates, which allows man-in-the-middle attackers to bypass intended access restrictions via a modified update.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| qolsys | iq_panel | * |