Vulnerabilities (CVE)

Filtered by vendor Gok Subscribe
Filtered by product Smartbox 4 Lan Firmware
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-12254 2 Gok, Tecson 10 Smartbox 4 Lan, Smartbox 4 Lan Firmware, Smartbox 4 Lan Pro and 7 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
In multiple Tecson Tankspion and GOKs SmartBox 4 products the affected application doesn't properly restrict access to an endpoint that is responsible for saving settings, to a unauthenticated user with limited access rights. Based on the lack of adequately implemented access-control rules, by accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to change the application settings without authenticating at all, which violates originally laid ACL rules.