CVE-2023-0750

Published: Apr 6, 2023

Modified: Feb 10, 2025

PUBLISHED

CVSS v3.1

9.8

CRITICAL

Description

Yellobrik PEC-1864 implements authentication checks via javascript in the frontend interface. When the device can be accessed over the network an attacker could bypass authentication. This would allow an attacker to : - Change the password, resulting in a DOS of the users - Change the streaming source, compromising the integrity of the stream - Change the streaming destination, compromising the confidentiality of the stream This issue affects Yellowbrik: PEC 1864. No patch has been issued by the manufacturer as this model was discontinued.

Vendor	Product	Versions
Lynx Technik AG	Yellowbrik	affected `PEC 1864`

Weaknesses (CWE)

CWE-602

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

https://support.lynx-technik.com/support/solutions/articles/1000317081-pec-1864-web-ui-for-configuration

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-0750

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References