CVE-2018-6624

OMRON NS devices 1.1 through 1.3 allow remote attackers to bypass authentication via a direct request to the .html file for a specific screen, as demonstrated by monitor.html.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:omron:ns_series_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:omron:ns12:-:*:*:*:*:*:*:*
cpe:2.3:h:omron:nsh5:-:*:*:*:*:*:*:*
cpe:2.3:h:omron:ns5:-:*:*:*:*:*:*:*
cpe:2.3:h:omron:ns8:-:*:*:*:*:*:*:*
cpe:2.3:h:omron:ns10:-:*:*:*:*:*:*:*
cpe:2.3:h:omron:ns15:-:*:*:*:*:*:*:*

Information

Published : 2018-02-05 10:29

Updated : 2019-10-02 17:03


NVD link : CVE-2018-6624

Mitre link : CVE-2018-6624


JSON object : View

CWE
CWE-425

Direct Request ('Forced Browsing')

Advertisement

dedicated server usa

Products Affected

omron

  • ns12
  • ns5
  • ns_series_firmware
  • ns15
  • ns10
  • nsh5
  • ns8