Privilege Escalation via Default Credentials on AVTECH Room Alert 3E Devices

Privilege Escalation via Default Credentials on AVTECH Room Alert 3E Devices

CVE-2019-13379 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device's web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults&src=RA reset and using the default credentials to get in.

Learn more about our Web App Pen Testing.