In the GUI of Ceragon FibeAir IP-10 (before 7.2.0) devices, a remote attacker can bypass authentication by adding an ALBATROSS cookie with the value 0-4-11 to their browser.
References
Link | Resource |
---|---|
http://blog.iancaling.com/post/145973147383 | Third Party Advisory |
http://www.securityfocus.com/bid/91263 |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2017-03-30 00:59
Updated : 2017-04-04 18:59
NVD link : CVE-2016-10309
Mitre link : CVE-2016-10309
JSON object : View
CWE
CWE-287
Improper Authentication
Products Affected
ceragon
- fibeair_ip-10
- fibeair_ip-10_firmware