CVE-2018-12073
Description
An issue was discovered on Eminent EM4544 9.10 devices. The device does not require the user's current password to set a new one within the web interface. Therefore, it is possible to exploit this issue (e.g., in combination with a successful XSS, or at an unattended workstation) to change the admin password to an attacker-chosen value without knowing the current password.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Eminent EM4544 devices (firmware 9.10) allow password change without the current password, enabling trivial takeover via XSS or physical access.
Vulnerability
The Eminent EM4544 (firmware version 9.10) web interface does not require the user's current password to set a new one. This missing authentication check means that any request to change the admin password will succeed without verifying the old credential. The affected component is the password change functionality in the web administration panel [1].
Exploitation
An attacker can exploit this by either (a) combining it with a cross-site scripting (XSS) attack to force an authenticated admin's browser to submit a password change request, or (b) gaining physical or remote access to an unattended workstation that has an active admin session. In both cases, no knowledge of the current password is needed; the attacker simply submits the new desired password via the web interface [1].
Impact
Successful exploitation allows an attacker to change the admin password arbitrarily, gaining full administrative control over the device. This can lead to complete compromise of the device's configuration, network access, and any data it handles [1].
Mitigation
No firmware update or official fix has been published by Eminent for this vulnerability. As of the available references, users are advised to restrict network access to the device's web interface (e.g., via firewall rules) and ensure physical security of the device to prevent unauthorized access [1].
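The defect behind this CVE is a password-change handler that never re-checks the caller's current credential. The following is an added illustration, not code from the Eminent EM4544 firmware: `change_password_unverified` reproduces that weak pattern against a constructed in-memory account store, and `change_password` shows the hardened form that requires the current password (verified with PBKDF2 and a constant-time compare) before accepting a new one.

```python
import hashlib
import hmac
import os

# Constructed example store: usernames mapped to (salt, PBKDF2-SHA256 hash).
_ITERATIONS = 200_000


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, _ITERATIONS)


class AccountStore:
    def __init__(self) -> None:
        self._records: dict[str, tuple[bytes, bytes]] = {}

    def create(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self._records[user] = (salt, _derive(password, salt))

    def verify(self, user: str, password: str) -> bool:
        rec = self._records.get(user)
        if rec is None:
            return False
        salt, stored = rec
        # Constant-time comparison so a mismatch leaks nothing about the hash.
        return hmac.compare_digest(stored, _derive(password, salt))

    def change_password_unverified(self, user: str, new_password: str) -> bool:
        # The pattern described in the CVE: any request naming a user and a new
        # password is honoured, so whoever can make the request owns the account
        # (a forged request from an XSS payload or an unattended session suffices).
        if user not in self._records:
            return False
        self.create(user, new_password)
        return True

    def change_password(self, user: str, current_password: str, new_password: str) -> bool:
        # Hardened form: re-authenticate with the current password first. A forged
        # request cannot supply it, so the change fails closed. The minimum-length
        # and no-reuse checks are illustrative policy, not part of the CVE.
        if not self.verify(user, current_password):
            return False
        if new_password == current_password or len(new_password) < 12:
            return False
        self.create(user, new_password)
        return True
```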
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (0)
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References (1)
[1] https://gist.github.com/freetom/2a446a226d0e98807c8b0c1111ef2def (MISC)
News mentions (0)
No linked articles in our index yet.