iSmartAlarm Cube One through 2.2.4.10 Diagnostic Files Access Control Vulnerability

iSmartAlarm Cube One through 2.2.4.10 Diagnostic Files Access Control Vulnerability

CVE-2018-16224 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Incorrect access control for the diagnostic files of the iSmartAlarm Cube One through 2.2.4.10 allows an attacker to retrieve them via a specifically crafted TCP request to port 12345 and 22306, and access sensitive information from the device.

Learn more about our Web Application Penetration Testing UK.