The administrative web server on the Digital Alert Systems DASDEC EAS device up to and including 2.0-2 and the Monroe Electronics R189 One-Net EAS device up to and including 2.0-2 uses predictable session ID values, which makes it easier for remote malicious users to hijack sessions by sniffing the network. NOTE: VU#662676 states "Monroe Electronics could not reproduce this finding.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
digital alert systems dasdec eas 2.0-1 |
||
monroe electronics r189 one-net eas |
||
digital alert systems dasdec eas |
||
monroe electronics r189 one-net eas 2.0-1 |
||
monroe electronics r189 one-net eas 2.0-0 |
||
digital alert systems dasdec eas 2.0-0 |