Philips e-Alert Unit (non-medical device), Version R2.1 and prior. When authenticating a user or otherwise establishing a new user session, the software gives an attacker the opportunity to steal authenticated sessions without invalidating any existing session identifier.
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HPhilips E Alert Firmware
OSPhilips≤ r2.1
Related vulnerabilities
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software contains hard-coded cryptograp...
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not validate input proper...
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not properly restrict the...
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software transmits sensitive or securit...
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The web application does not, or cannot, su...