CVE-2022-41433 The EyesOfNetwork Web Interface v5.3 had a reflected XSS vulnerability.

Attackers could leverage this vulnerability to inject malicious code into the Web traffic of affected devices, allowing them to take over control of the devices and inject malicious code into the Web traffic of other devices.

EyesOfNetwork Web Interface v5.3 used a weak password hashing algorithm, which allowed attackers to easily recover the Web user's password from its hash via a brute-force attack. This could potentially allow attackers to take over control of the device.

EyesOfNetwork Web Interface v5.3 used the wp_remote_post function to share arbitrary data with other devices, which allowed remote attackers to conduct clickjacking attacks and hijack the session of the user of an affected device.

The update has been released for EyesOfNetwork Web Interface v5.3.1 and v5.3.2 to address these issues.

EyesOfNetwork Web Interface v5.3.1

Download v5.3.1 of EyesOfNetwork Web Interface to resolve these vulnerabilities.

EyesOfNetwork Web Interface v5.3.1 and v5.3.2 Fixes

The update has been released for EyesOfNetwork Web Interface v5.3.1 and v5.3.2 to address these issues. It includes a new password hashing algorithm, which prevents attackers from easily recovering the Web user's password from its hash via a brute-force attack, as well as fixes for the clickjacking and session hijacking attacks against the affected device.
