CVE-2021-40350

EUVD-2021-27528
webctrl.cgi.elf on Christie Digital DWU850-GS V06.46 devices allows attackers to perform any desired action via a crafted query containing an unspecified Cookie header. Authentication bypass can be achieved by including an administrative cookie that the device does not validate.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
Affected Products (NVD)
VendorProductVersion
christiedigitaldwu850-gs_firmware
06.46
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://securityshards.wordpress.com/2021/08/31/cve-pending-christie-dwu850-gs-authentication-bypass/
https://securityshards.wordpress.com/2021/08/31/cve-pending-christie-dwu850-gs-authentication-bypass/