Security Advisory

CVE-2019-13405

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-08-29 00:19:23

Last updated 2024-09-16 22:24:40

Assigner twcert

State PUBLISHED

Description

A broken access control vulnerability found in Advan VD-1 firmware version 230 leads to insecure ADB service. An attacker can send a POST request to cgibin/AdbSetting.cgi to enable ADB without any authentication then take the compromised device as a relay or to install mining software.

← Browse all CVEs View on cve.org ↗