CVE-2023-0750 CRITICAL

CVE-2023-0750: Yellowbrik PEC-1864 authentication bypass

Vendor Lynx Technik Ag

Product Yellowbrik

Weakness CWE-602 · Client-side enforcement

Published April 6, 2023

Last update February 10, 2025

View on NVD All CVEs

CVSS base score

9.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Yellobrik PEC-1864 implements authentication checks via javascript in the frontend interface. When the device can be accessed over the network an attacker could bypass authentication. This would allow an attacker to : - Change the password, resulting in a DOS of the users - Change the streaming source, compromising the integrity of the stream - Change the streaming destination, compromising the confidentiality of the stream This issue affects Yellowbrik: PEC 1864. No patch has been issued by the manufacturer as this model was discontinued.

Key dates

02Disclosure timeline

April 6, 2023 CVE published

February 10, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-0750 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/602.html

Related vulnerabilities

CVE-2023-0750: Yellowbrik PEC-1864 authentication bypass

01Description

02Disclosure timeline

03References

04Related CVE