Authentication Bypass and Arbitrary Action Vulnerability in Christie Digital DWU850-GS V06.46 Devices
CVE-2021-40350 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
webctrl.cgi.elf on Christie Digital DWU850-GS V06.46 devices allows attackers to perform any desired action via a crafted query containing an unspecified Cookie header. Authentication bypass can be achieved by including an administrative cookie that the device does not validate.
Learn more about our Web Application Penetration Testing UK.