Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access control mechanisms

Suggested description

The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access control mechanisms. Since the app does not use any sort of session ID, an attacker might bypass authentication.


Vulnerability Type

Incorrect access control


Vendor of Product

Ericsson-LG


Affected Product Code Base

iPECS NMS - A.1Ac


Attack Type

Remote


Reference

https://www.youtube.com/watch?v=ah3MLcAURlc

https://www.ipecs.com/site/lgericsson/menu/158.do?scene=detail&productNo=45


Discoverer

Berk Cem Goksel

CVE-2018-10285

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.