goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4.27 allows creation of arbitrary users with elevated privileges (administrator) on a device, as demonstrated by a setString=new_user<*1*>administrator<*1*>123456 request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sumavision enhanced_multimedia_router_firmware 3.0.4.27 |