Oaklouds Portal
CVE-2021-22850
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
HGiga EIP product lacks ineffective access control in certain pages that allow attackers to access database or perform privileged functions.
AnalysisAI
HGiga EIP product lacks ineffective access control in certain pages that allow attackers to access database or perform privileged functions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Incorrect Permission Assignment (CWE-732), which allows attackers to access resources due to misconfigured permissions. HGiga EIP product lacks ineffective access control in certain pages that allow attackers to access database or perform privileged functions. Affected products include: Hgiga Oaklouds Portal.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Review and restrict file/resource permissions, apply principle of least privilege.
More in Oaklouds Portal
View allHGiga OAKlouds file uploading function does not restrict upload of file with dangerous type. Rated critical severity (CV
The HGiga OAKlouds mobile portal does not filter special characters of the IPv6 Gateway parameter of the network interfa
The HGiga OAKlouds mobile portal does not filter special characters of the Ethernet number parameter of the network inte
OAKlouds Portal website’s Meeting Room has insufficient validation for user input. Rated high severity (CVSS 8.8), this
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today