CVE-2021-34543

Published: Dec 7, 2021

Modified: Nov 11, 2024

PUBLISHED

Description

The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require authentication, which allows remote attackers to gain administrative privileges by connecting to the server. As a result, the attacker can modify configuration files and change the system status. Fixed with 3.0.0-60 11.10.2013 for SL 200, 500, 1000 / not existing for SL 250, 300, 1200, 2000, SL 50 Gateway, SL Base.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://drive.google.com/file/d/1z1TaANlDyX4SOP2vjNzkPQI3nETL9kZM/view?usp=sharing

https://www.solar-log.com/en/support/firmware/

https://www.exploit-db.com/exploits/49986

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-34543

Description

Affected Products

References