CVE-2016-2275

Severity CVSS v4.0:
Pending analysis
Type:
CWE-284 Improper Access Control
Publication date:
21/02/2016
Last modified:
12/04/2025

Description

The web interface on Advantech/B+B SmartWorx VESP211-EU devices with firmware 1.7.2 and VESP211-232 devices with firmware 1.5.1 and 1.7.2 relies on the client to implement access control, which allows remote attackers to perform administrative actions via modified JavaScript code.

Vulnerable products and versions

CPE From Up to
cpe:2.3:h:advantech:vesp211-eu:-:*:*:*:*:*:*:*
cpe:2.3:a:advantech:vesp211-eu_firmware:1.7.2:*:*:*:*:*:*:*
cpe:2.3:h:advantech:vesp211-232:-:*:*:*:*:*:*:*
cpe:2.3:a:advantech:vesp211-232_firmware:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:advantech:vesp211-232_firmware:1.7.2:*:*:*:*:*:*:*