The web administration server in Solar-Log 500 before 2.8...
High severity
Unreviewed
Published
Dec 8, 2021
to the GitHub Advisory Database
•
Updated Jan 27, 2023
Description
Published by the National Vulnerability Database
Dec 7, 2021
Published to the GitHub Advisory Database
Dec 8, 2021
Last updated
Jan 27, 2023
The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require authentication, which allows remote attackers to gain administrative privileges by connecting to the server. As a result, the attacker can modify configuration files and change the system status.
References