VYPR
← All advisories
Unrated severityNVD Advisory· Published Apr 6, 2023· Updated Feb 10, 2025

Yellowbrik PEC-1864 authentication bypass

CVE-2023-0750

Description

Authentication bypass in Yellobrik PEC-1864 due to client-side JavaScript checks; no patch available as device is discontinued.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Authentication bypass in Yellobrik PEC-1864 due to client-side JavaScript checks; no patch available as device is discontinued.

Vulnerability

The Yellobrik PEC-1864 implements authentication checks solely via JavaScript in the frontend interface, which can be bypassed when the device is accessible over the network. All versions of the PEC-1864 are affected. The device has been discontinued and no patch has been issued by the manufacturer [1].

Exploitation

An attacker with network access to the device can bypass the frontend authentication by intercepting or manipulating the JavaScript-based checks. No prior authentication is required; the attacker simply needs to access the web interface.

Impact

Successful exploitation allows the attacker to change the device password (leading to denial of service for legitimate users), change the streaming source (compromising stream integrity), or change the streaming destination (compromising stream confidentiality) [1].

Mitigation

No patch is available. The manufacturer recommends that the device should only be connected to secure/private networks and not exposed to public networks. As the product is discontinued, replacement with a supported alternative is advised [1].

References
  1. PEC 1864: Web UI for configuration

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

1

News mentions

0

No linked articles in our index yet.