In Silex SX-500 all versions and GE MobileLink(GEH-500) version 1.54 and prior, authentication is not verified when making certain POST requests, which may allow attackers to modify system settings.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| silextechnology | geh-sd-320an_firmware | * |
| silextechnology | sx-500_firmware | - |
| silextechnology | sd-320an_firmware | * |
| silextechnology | geh-500_firmware | * |
Silex SD-320AN version 2.01 and prior and GE MobileLink(GEH-SD-320AN) version GEH-1.1 and prior have a system call parameter that is not properly sanitized, which may allow remote code execution.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| silextechnology | geh-sd-320an_firmware | * |
| silextechnology | sd-320an_firmware | * |