Evertz SDVN 3080ipx-10G 漏洞列表

The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface on port 80. This web management interface can be used by administrators to control product features, setup network switching, and register license among other features. The application has been developed in PHP with the webEASY SDK, also named ‘ewb’ by Evertz.This web interface has two endpoints that are vulnerable to arbitrary command injection and the authentication mechanism has a flaw leading to authentication bypass.Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges ( root ) on affected devices.This level of access could lead to serious business impact such as the interruption of media streaming, modification of media being streamed, alteration of closed captions being generated, among others.

The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface on port 80. This web management interface can be used by administrators to control product features, setup network switching, and register license among other features. The application has been developed in PHP with the webEASY SDK, also named ‘ewb’ by Evertz.This web interface has two endpoints that are vulnerable to arbitrary command injection and the authentication mechanism has a flaw leading to authentication bypass.Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges ( root ) on affected devices.This level of access could lead to serious business impact such as the interruption of media streaming, modification of media being streamed, alteration of closed captions being generated, among others.

Web 界面有两个端点，容易受到任意命令注入的攻击，并且身份验证机制存在导致身份验证绕过的缺陷。 未经身份验证的远程攻击者可以在受影响的设备上以提升的权限 （root ） 获得任意命令执行