VYPR

M3 ATM Monitoring System

by Lan ATMService

CVEs (2)

  • CVE-2020-29667CriDec 10, 2020
    risk 0.64cvss 9.8epss 0.03

    In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration.

  • CVE-2020-29666MedDec 10, 2020
    risk 0.35cvss 5.3epss 0.01

    In Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and the predefined developer's cookie value.