A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The web server of affected devices does not authenticate GET requests that execute specific commands (such as `ping`) on operating system level.
2024-10-23T15:15:31.163
2024-10-30T15:48:39.207
Analyzed
CVSSv3.1: 7.2 (HIGH)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | siemens | intermesh_7177_hybrid_2.0_subscriber | < 8.2.12 | Yes |
| Hardware | siemens | intermesh_7177_hybrid_2.0_subscriber | - | No |
| Operating System | siemens | intermesh_7707_fire_subscriber_firmware | < 7.2.12 | Yes |
| Hardware | siemens | intermesh_7707_fire_subscriber | - | No |