Session Hijacking Vulnerability in Configuration Web Page

Session Hijacking Vulnerability in Configuration Web Page

CVE-2021-23845 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

This vulnerability could allow an attacker to hijack a session while a user is logged in the configuration web page. This vulnerability was discovered by a security researcher in B426 and found during internal product tests in B426-CN/B429-CN, and B426-M and has been fixed already starting from version 3.08 on, which was released on June 2019.

Learn more about our Web App Pen Testing.