Carlo Gavazzi EOS-BOX Security Bypass and SQL Injection Vulnerability

Carlo Gavazzi EOS-BOX is prone to a security-bypass vulnerability caused by hard-coded passwords and to an SQL-injection vulnerability.

An attacker can exploit these issues to bypass certain security restrictions and perform unauthorized actions with administrative privileges, access or modify data, or exploit latent vulnerabilities in the underlying database.

Carlo Gavazzi EOS-BOX versions prior to 1.0.0.1080_2.1.10 are vulnerable.


 

Copyright 2010, SecurityFocus