CVE-2018-6624

OMRON NS devices 1.1 through 1.3 allow remote attackers to bypass authentication via a direct request to the .html file for a specific screen, as demonstrated by monitor.html.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:omron:ns_series_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:omron:ns10:-:*:*:*:*:*:*:*
cpe:2.3:h:omron:ns12:-:*:*:*:*:*:*:*
cpe:2.3:h:omron:ns15:-:*:*:*:*:*:*:*
cpe:2.3:h:omron:ns5:-:*:*:*:*:*:*:*
cpe:2.3:h:omron:ns8:-:*:*:*:*:*:*:*
cpe:2.3:h:omron:nsh5:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:11

Type Values Removed Values Added
References () http://misteralfa-hack.blogspot.cl/2018/02/otomron-login-bypass.html - Third Party Advisory () http://misteralfa-hack.blogspot.cl/2018/02/otomron-login-bypass.html - Third Party Advisory

Information

Published : 2018-02-05 18:29

Updated : 2024-11-21 04:11


NVD link : CVE-2018-6624

Mitre link : CVE-2018-6624

CVE.ORG link : CVE-2018-6624


JSON object : View

Products Affected

omron

  • ns12
  • ns10
  • ns15
  • ns8
  • nsh5
  • ns_series_firmware
  • ns5
CWE
CWE-425

Direct Request ('Forced Browsing')