Unauthenticated Access Control Vulnerability in Winston 1.5.4 Devices

Unauthenticated Access Control Vulnerability in Winston 1.5.4 Devices

CVE-2020-16260 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Winston 1.5.4 devices do not enforce authorization. This is exploitable from the intranet, and can be combined with other vulnerabilities for remote exploitation.

Learn more about our Web Application Penetration Testing UK.