CVE-2021-40350

webctrl.cgi.elf on Christie Digital DWU850-GS V06.46 devices allows attackers to perform any desired action via a crafted query containing an unspecified Cookie header. Authentication bypass can be achieved by including an administrative cookie that the device does not validate.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
VendorProductVersion
christiedigitaldwu850-gs_firmware
06.46
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://securityshards.wordpress.com/2021/08/31/cve-pending-christie-dwu850-gs-authentication-bypass/
https://securityshards.wordpress.com/2021/08/31/cve-pending-christie-dwu850-gs-authentication-bypass/