CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-7909
https://notcve.org/view.php?id=CVE-2017-7909
A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior. The web interface uses JavaScript to check client authentication and redirect unauthorized users. Attackers may intercept requests and bypass authentication to access restricted web pages. Un problema de uso de autenticación del lado del cliente se detectó en B+B SmartWorx MESR901 versiones de firmwares 1.5.2 y anteriores de Advantech. La interfaz web utiliza JavaScript para comprobar la autenticación de cliente y redireccionar a los usuarios no autorizados. • http://www.securityfocus.com/bid/98257 https://ics-cert.us-cert.gov/advisories/ICSA-17-122-03 • CWE-287: Improper Authentication CWE-603: Use of Client-Side Authentication •