MultiFLEX M10a Controller Multiple Security Vulnerabilities

MultiFLEX M10a Controller is prone to the following multiple security vulnerabilities:

1. Multiple security-bypass vulnerabilities
2. An information-disclosure vulnerability
3. A cross-site request-forgery vulnerability

Exploiting these issues may allow a remote attacker to perform certain administrative actions, bypass certain security restrictions, gaining unauthorized access to the affected device and obtaining sensitive information; other attacks are also possible.


Bugtraq ID: 101259
Class: Unknown
CVE: CVE-2017-14013

Remote: Yes
Local: No
Published: Oct 13 2017 12:00AM
Updated: Oct 13 2017 12:00AM
Credit: Maxim Rupp
Vulnerable: ProMinent MultiFLEX M10a Controller 0

Not Vulnerable:


An attacker can exploit these issues through a browser or readily available tools. To exploit the cross-site request-forgery issue, the attacker must entice an unsuspecting victim into following a malicious URI.

Related Posts