An issue was discovered in NJHYST HY511 POE core before 2.1 and plugins before 0.1. The vulnerability stems from the devices insufficient cookie verification, allowing an attacker to directly request the configuration file address and download the core configuration file without logging into the device management backend. By reading the corresponding username and self-decrypted MD5 password in the core configuration file, the attacker can directly log in to the backend, thereby bypassing the front-end backend login page.
Weakness
The product relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Hy511_firmware | Njhyst | * | 2.1 (excluding) |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/226.html
- https://cwe.mitre.org/data/definitions/31.html
- https://cwe.mitre.org/data/definitions/39.html