vendor:
APOLLO VX20
by:
John Page (aka hyp3rlinx)
6.1
CVSS
HIGH
Incorrect Access Control (DOS)
284
CWE
Product Name: APOLLO VX20
Affected Version From: APOLLO VX20 < 1.3.58
Affected Version To: 1.3.1958
Patch Exists: YES
Related CWE: CVE-2024-25736
CPE: a:wyrestorm:apollo_vx20:1.3.57
Platforms Tested:
2024
Incorrect Access Control Vulnerability in WyreStorm APOLLO VX20 Devices
A vulnerability was found in WyreStorm Apollo VX20 devices prior to version 1.3.58, allowing remote attackers to trigger a device restart through an HTTP GET request to /device/reboot endpoint. This vulnerability is identified as CVE-2024-25736.
Mitigation:
To mitigate this vulnerability, users should update their WyreStorm Apollo VX20 devices to version 1.3.58 or later to apply the necessary security patches.