CVE-2013-4732
30.06.2013, 19:28
The administrative web server on the Digital Alert Systems DASDEC EAS device through 2.0-2 and the Monroe Electronics R189 One-Net EAS device through 2.0-2 uses predictable session ID values, which makes it easier for remote attackers to hijack sessions by sniffing the network. NOTE: VU#662676 states "Monroe Electronics could not reproduce this finding.Enginsight
| Vendor | Product | Version |
|---|---|---|
| digital_alert_systems | dasdec_eas | 𝑥 ≤ 2.0-2 |
| digital_alert_systems | dasdec_eas | 2.0-0 |
| digital_alert_systems | dasdec_eas | 2.0-1 |
| monroe_electronics | r189_one-net_eas | 𝑥 ≤ 2.0-2 |
| monroe_electronics | r189_one-net_eas | 2.0-0 |
| monroe_electronics | r189_one-net_eas | 2.0-1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References