Because the web management interface for Unified Intents Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage this now-unauthenticated access to run code of the attackers choosing.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Unified_remote | Unifiedremote | * | 3.11.0.2483 (including) |