Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can bypass the required authentication specified in the security configuration file by including extra characters in the directory name when specifying the directory to be accessed. This vulnerability does not affect the i.LON 600 product.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HEchelon I.lon 100
HWEchelonwszystkie wersjeEchelon I.lon 100 Firmware
OSEchelonwszystkie wersjeEchelon I.lon 600
HWEchelonwszystkie wersjeEchelon I.lon 600 Firmware
OSEchelonwszystkie wersjeEchelon Smartserver 1
HWEchelonwszystkie wersjeEchelon Smartserver 1 Firmware
OSEchelonwszystkie wersjeEchelon Smartserver 2
HWEchelonwszystkie wersjeEchelon Smartserver 2 Firmware
OSEchelon< 4.11.007
Related vulnerabilities
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versio...
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versio...
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versio...
Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credentials in a file, which could allow a...