An issue was discovered in Newland Nquire 1000 Interactive Kiosk version NQ1000-II_G_V1.00.011, allows remote attackers to escalate privileges and bypass authentication via incorrect access control in the web management portal.
Improper access control (incorrect access control) in the kiosk management web interface allows an unauthenticated attacker to bypass identity verification mechanisms. As a result, the attacker can gain access to functions reserved for administrators and escalate their privileges to a higher level. The vulnerability is remotely accessible over the network without requiring an account or user interaction.
An attacker can take complete control of the kiosk device — gaining full access to its configuration, data, and administrative functions. Loss of confidentiality, integrity, and availability of the system is possible.
Apply patches available from the manufacturer according to the references. Until the update is applied, it is recommended to isolate the web management portal from public networks and restrict access to the interface exclusively to trusted IP addresses.
Newland Nquire 1000 Interactive Kiosk version NQ1000-II_G_V1.00.011
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H