A vulnerability in Antminer Monitor 0.50.0 exists because of backdoor or misconfiguration inside a settings file in flask server. Settings file has a predefined secret string, which would be randomly generated, however it is static.
References
Link | Resource |
---|---|
https://github.com/anselal/antminer-monitor | Product |
https://packetstormsecurity.com/files/164048/Antminer-Monitor-0.5.0-Authentication-Bypass.html | Exploit Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/50267 | Exploit Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-06-17T13:46:57
Updated: 2022-06-18T09:31:25
Reserved: 2021-09-13T00:00:00
Link: CVE-2021-40903
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-06-17T14:15:08.060
Modified: 2023-08-08T14:22:24.967
Link: CVE-2021-40903
JSON object: View
Redhat Information
No data.
CWE