Insecure Access Control in Advantech/B+B SmartWorx VESP211-EU and VESP211-232 Devices

Insecure Access Control in Advantech/B+B SmartWorx VESP211-EU and VESP211-232 Devices

CVE-2016-2275 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

The web interface on Advantech/B+B SmartWorx VESP211-EU devices with firmware 1.7.2 and VESP211-232 devices with firmware 1.5.1 and 1.7.2 relies on the client to implement access control, which allows remote attackers to perform administrative actions via modified JavaScript code.

Learn more about our Web App Pen Testing.