Authentication Bypass and Arbitrary Action Vulnerability in Christie Digital DWU850-GS V06.46 Devices

CVE-2021-40350 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

webctrl.cgi.elf on Christie Digital DWU850-GS V06.46 devices allows attackers to perform any desired action via a crafted query containing an unspecified Cookie header. Authentication bypass can be achieved by including an administrative cookie that the device does not validate.

Learn more about our Web Application Penetration Testing UK.