Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user logged in to the WBM of the Com-Server an unauthenticated attacker in the same subnet can obtain the session ID and through IP spoofing change arbitrary settings by crafting modified HTTP Get requests. This may result in a complete takeover of the device.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2022-12-13T07:26:17.752Z

Updated: 2024-08-03T01:27:54.380Z

Reserved: 2022-11-21T11:21:00.430Z

Link: CVE-2022-4098

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-12-13T08:15:10.283

Modified: 2024-11-21T07:34:34.737

Link: CVE-2022-4098

cve-icon Redhat

No data.