The ACEManager
component of ALEOS 4.16 and earlier does not
validate uploaded
file names and types, which could potentially allow
an authenticated
user to perform client-side script execution within
ACEManager, altering
the device functionality until the device is
restarted.
Metrics
Affected Vendors & Products
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2023-45031 | The ACEManager component of ALEOS 4.16 and earlier does not validate uploaded file names and types, which could potentially allow an authenticated user to perform client-side script execution within ACEManager, altering the device functionality until the device is restarted. |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.
Status: PUBLISHED
Assigner: SWI
Published:
Updated: 2024-08-02T18:31:53.807Z
Reserved: 2023-08-14T20:59:20.798Z
Link: CVE-2023-40460
No data.
Status : Modified
Published: 2023-12-04T23:15:25.180
Modified: 2024-11-21T08:19:30.983
Link: CVE-2023-40460
No data.
OpenCVE Enrichment
No data.
EUVD