Authentication Bypass Using an Alternate Path or Channel vulnerability in GST Electronics inohom Nova Panel N7 allows Authentication Bypass. This issue affects inohom Nova Panel N7: through 1.9.9.6. NOTE: The vendor was contacted and it was learned that the product is not supported.
An attacker can bypass the authentication mechanism through an alternative path or access channel (Authentication Bypass Using an Alternate Path or Channel). This means there is a possibility of gaining access to protected resources or device functions without providing valid credentials. The vulnerability is remotely accessible, requires no user interaction, and does not require any privileges.
An attacker can gain unauthorized access to panel functions, potentially taking control of the device and associated infrastructure. Due to high CVSS values in the areas of confidentiality, integrity, and availability of both the system and external resources, the consequences of compromise can be very severe.
The manufacturer confirmed that the product is unsupported and no patches will be released. It is recommended to immediately isolate devices from the public network (e.g., through a firewall or network segmentation), restrict access to them only from trusted local networks, and consider replacing the devices with actively supported alternatives.
GST Electronics inohom Nova Panel N7 in all software versions up to and including 1.9.9.6.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:X/RE:X/U:Red