CVE-2021-22661

Summary

Changing the password on the module webpage does not require the user to type in the current password first. Thus, the password could be changed by a user or external process without knowledge of the current password on the ICX35-HWC-A and ICX35-HWC-E (Versions 1.9.62 and prior).

Affected Software

VendorProductVersion RangeStatus
n/aICX35-HWC-A, ICX35-HWC-EVersions 1.9.62 and prioraffected

Weaknesses

  • CWE-264: PERMISSIONS, PRIVILEGES, AND ACCESS CONTROLS CWE-264

ADP Enrichment

CVE Program Container

Additional References

References