CVE-2022-34769

Michlol - rashim web interface Insecure direct object references (IDOR). First of all, the attacker needs to login. After he performs log into the system there are some functionalities that the specific user is not allowed to perform. However all the attacker needs to do in order to achieve his goals is to change the value of the ptMsl parameter and then the attacker can access sensitive data that he not supposed to access because its belong to another user.
Configurations

Configuration 1 (hide)

cpe:2.3:a:rashim:michlol:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:10

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 5.5
v2 : unknown
v3 : 6.3
References
  • {'url': 'https://www.gov.il/en/departments/faq/cve_advisories', 'source': 'cna@cyber.gov.il'}
  • () https://www.gov.il/en/Departments/faq/cve_advisories -

17 Apr 2024, 10:15

Type Values Removed Values Added
Summary (en) PROSCEND - PROSCEND / ADVICE .Ltd - G/5G Industrial Cellular Router (with GPS)4 Unauthenticated OS Command Injection Proscend M330-w / M33-W5 / M350-5G / M350-W5G / M350-6 / M350-W6 / M301-G / M301-GW ADVICE ICR 111WG / https://www.proscend.com/en/category/industrial-Cellular-Router/industrial-Cellular-Router.html https://cdn.shopify.com/s/files/1/0036/9413/3297/files/ADVICE_Industrial_4G_LTE_Cellular_Router_ICR111WG.pdf?v=1620814301 (en) Michlol - rashim web interface Insecure direct object references (IDOR). First of all, the attacker needs to login. After he performs log into the system there are some functionalities that the specific user is not allowed to perform. However all the attacker needs to do in order to achieve his goals is to change the value of the ptMsl parameter and then the attacker can access sensitive data that he not supposed to access because its belong to another user.

08 Aug 2023, 14:21

Type Values Removed Values Added
CWE CWE-639 CWE-78

Information

Published : 2022-08-05 16:15

Updated : 2024-11-21 07:10


NVD link : CVE-2022-34769

Mitre link : CVE-2022-34769

CVE.ORG link : CVE-2022-34769


JSON object : View

Products Affected

rashim

  • michlol
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')