webctrl.cgi.elf on Christie Digital DWU850-GS V06.46 devices allows attackers to perform any desired action via a crafted query containing an unspecified Cookie header. Authentication bypass can be achieved by including an administrative cookie that the device does not validate.
References
Link | Resource |
---|---|
https://securityshards.wordpress.com/2021/08/31/cve-pending-christie-dwu850-gs-authentication-bypass/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-09-01T14:22:41
Updated: 2021-09-01T14:22:41
Reserved: 2021-08-31T00:00:00
Link: CVE-2021-40350
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-09-01T15:15:12.887
Modified: 2021-09-09T20:29:50.943
Link: CVE-2021-40350
JSON object: View
Redhat Information
No data.
CWE