VYPR

Solstice Pod

by Solstice

CVEs (2)

  • CVE-2020-35586HigDec 23, 2020
    risk 0.49cvss 7.5epss 0.01

    In Solstice Pod before 3.3.0 (or Open4.3), the Administrator password can be enumerated using brute-force attacks via the /Config/service/initModel?password= Solstice Open Control API because there is no complexity requirement (e.g., it might be all digits or all lowercase…

  • CVE-2020-35585HigDec 23, 2020
    risk 0.49cvss 7.5epss 0.01

    In Solstice Pod before 3.3.0 (or Open4.3), the screen key can be enumerated using brute-force attacks via the /lookin/info Solstice Open Control API because there are only 1.7 million possibilities.