Home
Description
The R.V.R Elettronica TEX product (firmware TEXL-000400, Web GUI TLAN-000400) is vulnerable to broken access control due to improper authentication checks on the /_Passwd.html endpoint. An attacker can send an unauthenticated POST request to change the Admin, Operator, and User passwords, resulting in complete system compromise.
References
github.com/...3207_RVR Elettronica TEX Broken Access Control
github.com/...3207_RVR Elettronica TEX Broken Access Control
