Filtered by vendor Gok Subscriptions
Filtered by product Smartbox 4 Lan Pro Subscriptions
Total 1 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-12254 2 Gok, Tecson 10 Smartbox 4 Lan, Smartbox 4 Lan Firmware, Smartbox 4 Lan Pro and 7 more 2024-11-21 9.8 Critical
In multiple Tecson Tankspion and GOKs SmartBox 4 products the affected application doesn't properly restrict access to an endpoint that is responsible for saving settings, to a unauthenticated user with limited access rights. Based on the lack of adequately implemented access-control rules, by accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to change the application settings without authenticating at all, which violates originally laid ACL rules.