VYPR

Solstice::Session

by Solstice

CVEs (4)

  • CVE-2026-5085 | Cri | Apr 13, 2026
    risk 0.59 | cvss 9.1 | epss 0.00

    Solstice::Session versions through 1440 for Perl generates session ids insecurely. The _generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand() function and the process id. The same method is used in the…

  • CVE-2020-35587 | Hig | Dec 23, 2020
    risk 0.49 | cvss 7.5 | epss 0.01

    In Solstice Pod before 3.0.3, the firmware can easily be decompiled/disassembled. The decompiled/disassembled files contain non-obfuscated code. NOTE: it is unclear whether lack of obfuscation is directly associated with a negative impact, or instead only facilitates an attack…

  • CVE-2020-35586 | Hig | Dec 23, 2020
    risk 0.49 | cvss 7.5 | epss 0.01

    In Solstice Pod before 3.3.0 (or Open4.3), the Administrator password can be enumerated using brute-force attacks via the /Config/service/initModel?password= Solstice Open Control API because there is no complexity requirement (e.g., it might be all digits or all lowercase…

  • CVE-2020-35585 | Hig | Dec 23, 2020
    risk 0.49 | cvss 7.5 | epss 0.01

    In Solstice Pod before 3.3.0 (or Open4.3), the screen key can be enumerated using brute-force attacks via the /lookin/info Solstice Open Control API because there are only 1.7 million possibilities.