Unauthenticated Access Control Vulnerability in Winston 1.5.4 Devices
CVE-2020-16260 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Winston 1.5.4 devices do not enforce authorization. This is exploitable from the intranet, and can be combined with other vulnerabilities for remote exploitation.
Learn more about our Web Application Penetration Testing UK.