2019-07-07 15:44:11
mitre
PUBLISHED
On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the devices web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults&src=RA reset and using the default credentials to get in.