Bypassing Page-Access Restrictions and Password Modification in AVer Information EH6108H+ Devices

Bypassing Page-Access Restrictions and Password Modification in AVer Information EH6108H+ Devices

CVE-2016-6536 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

The /setup URI on AVer Information EH6108H+ devices with firmware X9.03.24.00.07l allows remote attackers to bypass intended page-access restrictions or modify passwords by leveraging knowledge of a handle parameter value.

Learn more about our Web Application Penetration Testing UK.