Unauthenticated Remote Access to Solar-Log 500 Web Administration Server

Unauthenticated Remote Access to Solar-Log 500 Web Administration Server

CVE-2021-34543 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require authentication, which allows remote attackers to gain administrative privileges by connecting to the server. As a result, the attacker can modify configuration files and change the system status.

Learn more about our Web App Pen Testing.