Search criteria
10 vulnerabilities found for solstice_pod_firmware by mersive
CVE-2025-66573 (GCVE-0-2025-66573)
Vulnerability from nvd – Published: 2025-12-04 20:45 – Updated: 2026-04-07 14:09
VLAI
Title
Solstice Pod API Session Key Extraction via API Endpoint
Summary
Solstice Pod API (version 5.5, 6.2) contains an unauthenticated API endpoint (`/api/config`) that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without authentication.
Severity
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/52104 | exploit |
| https://www.mersive.com/ | product |
| https://documentation.mersive.com/en/solstice/abo… | product |
| https://www.vulncheck.com/advisories/solstice-pod… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| mersive | Solstice Pod API Session Key Extraction via API Endpoint |
Affected:
5.5
Affected: 6.2 |
Date Public
2025-03-29 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66573",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-05T17:52:11.355912Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T17:52:32.132Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/52104"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Solstice Pod API Session Key Extraction via API Endpoint",
"vendor": "mersive",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"status": "affected",
"version": "6.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "The Baldwin School Ethical Hackers, The Baldwin School"
}
],
"datePublic": "2025-03-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSolstice Pod API (version 5.5, 6.2) contains an unauthenticated API endpoint (`/api/config`) that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without authentication.\u003c/p\u003e"
}
],
"value": "Solstice Pod API (version 5.5, 6.2) contains an unauthenticated API endpoint (`/api/config`) that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without authentication."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T14:09:51.175Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-52104",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/52104"
},
{
"name": "Mersive Homepage",
"tags": [
"product"
],
"url": "https://www.mersive.com/"
},
{
"name": "Solstice Documentation",
"tags": [
"product"
],
"url": "https://documentation.mersive.com/en/solstice/about-solstice.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/solstice-pod-api-session-key-extraction-via-api-endpoint"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Solstice Pod API Session Key Extraction via API Endpoint",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-66573",
"datePublished": "2025-12-04T20:45:13.939Z",
"dateReserved": "2025-12-04T16:22:24.337Z",
"dateUpdated": "2026-04-07T14:09:51.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-35586 (GCVE-0-2020-35586)
Vulnerability from nvd – Published: 2020-12-23 14:58 – Updated: 2024-08-04 17:09
VLAI
Summary
In Solstice Pod before 3.3.0 (or Open4.3), the Administrator password can be enumerated using brute-force attacks via the /Config/service/initModel?password= Solstice Open Control API because there is no complexity requirement (e.g., it might be all digits or all lowercase letters).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://documentation.mersive.com/content/pages/r… | x_refsource_MISC |
| https://www.mersive.com/uk/products/solstice/ | x_refsource_MISC |
| https://github.com/aress31/solstice-pod-cves | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:13.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://documentation.mersive.com/content/pages/release-notes.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mersive.com/uk/products/solstice/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/aress31/solstice-pod-cves"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Solstice Pod before 3.3.0 (or Open4.3), the Administrator password can be enumerated using brute-force attacks via the /Config/service/initModel?password= Solstice Open Control API because there is no complexity requirement (e.g., it might be all digits or all lowercase letters)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-23T14:58:20.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://documentation.mersive.com/content/pages/release-notes.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mersive.com/uk/products/solstice/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/aress31/solstice-pod-cves"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35586",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Solstice Pod before 3.3.0 (or Open4.3), the Administrator password can be enumerated using brute-force attacks via the /Config/service/initModel?password= Solstice Open Control API because there is no complexity requirement (e.g., it might be all digits or all lowercase letters)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://documentation.mersive.com/content/pages/release-notes.htm",
"refsource": "MISC",
"url": "https://documentation.mersive.com/content/pages/release-notes.htm"
},
{
"name": "https://www.mersive.com/uk/products/solstice/",
"refsource": "MISC",
"url": "https://www.mersive.com/uk/products/solstice/"
},
{
"name": "https://github.com/aress31/solstice-pod-cves",
"refsource": "MISC",
"url": "https://github.com/aress31/solstice-pod-cves"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35586",
"datePublished": "2020-12-23T14:58:20.000Z",
"dateReserved": "2020-12-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T17:09:13.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35585 (GCVE-0-2020-35585)
Vulnerability from nvd – Published: 2020-12-23 14:56 – Updated: 2024-08-04 17:09
VLAI
Summary
In Solstice Pod before 3.3.0 (or Open4.3), the screen key can be enumerated using brute-force attacks via the /lookin/info Solstice Open Control API because there are only 1.7 million possibilities.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://documentation.mersive.com/content/pages/r… | x_refsource_MISC |
| https://www.mersive.com/uk/products/solstice/ | x_refsource_MISC |
| https://github.com/aress31/solstice-pod-cves | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:14.132Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://documentation.mersive.com/content/pages/release-notes.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mersive.com/uk/products/solstice/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/aress31/solstice-pod-cves"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Solstice Pod before 3.3.0 (or Open4.3), the screen key can be enumerated using brute-force attacks via the /lookin/info Solstice Open Control API because there are only 1.7 million possibilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-23T14:56:11.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://documentation.mersive.com/content/pages/release-notes.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mersive.com/uk/products/solstice/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/aress31/solstice-pod-cves"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35585",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Solstice Pod before 3.3.0 (or Open4.3), the screen key can be enumerated using brute-force attacks via the /lookin/info Solstice Open Control API because there are only 1.7 million possibilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://documentation.mersive.com/content/pages/release-notes.htm",
"refsource": "MISC",
"url": "https://documentation.mersive.com/content/pages/release-notes.htm"
},
{
"name": "https://www.mersive.com/uk/products/solstice/",
"refsource": "MISC",
"url": "https://www.mersive.com/uk/products/solstice/"
},
{
"name": "https://github.com/aress31/solstice-pod-cves",
"refsource": "MISC",
"url": "https://github.com/aress31/solstice-pod-cves"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35585",
"datePublished": "2020-12-23T14:56:11.000Z",
"dateReserved": "2020-12-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T17:09:14.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35584 (GCVE-0-2020-35584)
Vulnerability from nvd – Published: 2020-12-23 14:53 – Updated: 2024-08-04 17:09
VLAI
Summary
In Solstice Pod before 3.0.3, the web services allow users to connect to them over unencrypted channels via the Browser Look-in feature. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the web services and obtain any information the user supplies, including Administrator passwords and screen keys.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://documentation.mersive.com/content/pages/r… | x_refsource_MISC |
| https://www.mersive.com/uk/products/solstice/ | x_refsource_MISC |
| https://github.com/aress31/solstice-pod-cves | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:14.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://documentation.mersive.com/content/pages/release-notes.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mersive.com/uk/products/solstice/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/aress31/solstice-pod-cves"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Solstice Pod before 3.0.3, the web services allow users to connect to them over unencrypted channels via the Browser Look-in feature. An attacker suitably positioned to view a legitimate user\u0027s network traffic could record and monitor their interactions with the web services and obtain any information the user supplies, including Administrator passwords and screen keys."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-23T14:53:19.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://documentation.mersive.com/content/pages/release-notes.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mersive.com/uk/products/solstice/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/aress31/solstice-pod-cves"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35584",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Solstice Pod before 3.0.3, the web services allow users to connect to them over unencrypted channels via the Browser Look-in feature. An attacker suitably positioned to view a legitimate user\u0027s network traffic could record and monitor their interactions with the web services and obtain any information the user supplies, including Administrator passwords and screen keys."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://documentation.mersive.com/content/pages/release-notes.htm",
"refsource": "MISC",
"url": "https://documentation.mersive.com/content/pages/release-notes.htm"
},
{
"name": "https://www.mersive.com/uk/products/solstice/",
"refsource": "MISC",
"url": "https://www.mersive.com/uk/products/solstice/"
},
{
"name": "https://github.com/aress31/solstice-pod-cves",
"refsource": "MISC",
"url": "https://github.com/aress31/solstice-pod-cves"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35584",
"datePublished": "2020-12-23T14:53:19.000Z",
"dateReserved": "2020-12-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T17:09:14.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27523 (GCVE-0-2020-27523)
Vulnerability from nvd – Published: 2020-11-11 14:23 – Updated: 2024-08-04 16:18
VLAI
Summary
Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authentication process. This may crash the server and force Solstice-Pod to reboot, which leads to a denial of service.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.youtube.com/watch?v=EGW_M1MqAG0 | x_refsource_MISC |
| https://twitter.com/Kevin2600/status/131626114940… | x_refsource_MISC |
| https://documentation.mersive.com/content/topics/… | x_refsource_MISC |
| https://tiger-team-1337.blogspot.com/2020/10/sols… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:18:44.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.youtube.com/watch?v=EGW_M1MqAG0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/Kevin2600/status/1316261149403275264"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://documentation.mersive.com/content/topics/general-gen2i-pod-specs.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tiger-team-1337.blogspot.com/2020/10/solstice-pod-critical-unauthenticated.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authentication process. This may crash the server and force Solstice-Pod to reboot, which leads to a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-11T14:23:42.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.youtube.com/watch?v=EGW_M1MqAG0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/Kevin2600/status/1316261149403275264"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://documentation.mersive.com/content/topics/general-gen2i-pod-specs.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tiger-team-1337.blogspot.com/2020/10/solstice-pod-critical-unauthenticated.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-27523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authentication process. This may crash the server and force Solstice-Pod to reboot, which leads to a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.youtube.com/watch?v=EGW_M1MqAG0",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=EGW_M1MqAG0"
},
{
"name": "https://twitter.com/Kevin2600/status/1316261149403275264",
"refsource": "MISC",
"url": "https://twitter.com/Kevin2600/status/1316261149403275264"
},
{
"name": "https://documentation.mersive.com/content/topics/general-gen2i-pod-specs.htm",
"refsource": "MISC",
"url": "https://documentation.mersive.com/content/topics/general-gen2i-pod-specs.htm"
},
{
"name": "https://tiger-team-1337.blogspot.com/2020/10/solstice-pod-critical-unauthenticated.html",
"refsource": "MISC",
"url": "https://tiger-team-1337.blogspot.com/2020/10/solstice-pod-critical-unauthenticated.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-27523",
"datePublished": "2020-11-11T14:23:42.000Z",
"dateReserved": "2020-10-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:18:44.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-66573 (GCVE-0-2025-66573)
Vulnerability from cvelistv5 – Published: 2025-12-04 20:45 – Updated: 2026-04-07 14:09
VLAI
Title
Solstice Pod API Session Key Extraction via API Endpoint
Summary
Solstice Pod API (version 5.5, 6.2) contains an unauthenticated API endpoint (`/api/config`) that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without authentication.
Severity
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/52104 | exploit |
| https://www.mersive.com/ | product |
| https://documentation.mersive.com/en/solstice/abo… | product |
| https://www.vulncheck.com/advisories/solstice-pod… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| mersive | Solstice Pod API Session Key Extraction via API Endpoint |
Affected:
5.5
Affected: 6.2 |
Date Public
2025-03-29 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66573",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-05T17:52:11.355912Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T17:52:32.132Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/52104"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Solstice Pod API Session Key Extraction via API Endpoint",
"vendor": "mersive",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"status": "affected",
"version": "6.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "The Baldwin School Ethical Hackers, The Baldwin School"
}
],
"datePublic": "2025-03-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSolstice Pod API (version 5.5, 6.2) contains an unauthenticated API endpoint (`/api/config`) that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without authentication.\u003c/p\u003e"
}
],
"value": "Solstice Pod API (version 5.5, 6.2) contains an unauthenticated API endpoint (`/api/config`) that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without authentication."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T14:09:51.175Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-52104",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/52104"
},
{
"name": "Mersive Homepage",
"tags": [
"product"
],
"url": "https://www.mersive.com/"
},
{
"name": "Solstice Documentation",
"tags": [
"product"
],
"url": "https://documentation.mersive.com/en/solstice/about-solstice.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/solstice-pod-api-session-key-extraction-via-api-endpoint"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Solstice Pod API Session Key Extraction via API Endpoint",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-66573",
"datePublished": "2025-12-04T20:45:13.939Z",
"dateReserved": "2025-12-04T16:22:24.337Z",
"dateUpdated": "2026-04-07T14:09:51.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-35586 (GCVE-0-2020-35586)
Vulnerability from cvelistv5 – Published: 2020-12-23 14:58 – Updated: 2024-08-04 17:09
VLAI
Summary
In Solstice Pod before 3.3.0 (or Open4.3), the Administrator password can be enumerated using brute-force attacks via the /Config/service/initModel?password= Solstice Open Control API because there is no complexity requirement (e.g., it might be all digits or all lowercase letters).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://documentation.mersive.com/content/pages/r… | x_refsource_MISC |
| https://www.mersive.com/uk/products/solstice/ | x_refsource_MISC |
| https://github.com/aress31/solstice-pod-cves | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:13.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://documentation.mersive.com/content/pages/release-notes.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mersive.com/uk/products/solstice/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/aress31/solstice-pod-cves"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Solstice Pod before 3.3.0 (or Open4.3), the Administrator password can be enumerated using brute-force attacks via the /Config/service/initModel?password= Solstice Open Control API because there is no complexity requirement (e.g., it might be all digits or all lowercase letters)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-23T14:58:20.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://documentation.mersive.com/content/pages/release-notes.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mersive.com/uk/products/solstice/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/aress31/solstice-pod-cves"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35586",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Solstice Pod before 3.3.0 (or Open4.3), the Administrator password can be enumerated using brute-force attacks via the /Config/service/initModel?password= Solstice Open Control API because there is no complexity requirement (e.g., it might be all digits or all lowercase letters)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://documentation.mersive.com/content/pages/release-notes.htm",
"refsource": "MISC",
"url": "https://documentation.mersive.com/content/pages/release-notes.htm"
},
{
"name": "https://www.mersive.com/uk/products/solstice/",
"refsource": "MISC",
"url": "https://www.mersive.com/uk/products/solstice/"
},
{
"name": "https://github.com/aress31/solstice-pod-cves",
"refsource": "MISC",
"url": "https://github.com/aress31/solstice-pod-cves"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35586",
"datePublished": "2020-12-23T14:58:20.000Z",
"dateReserved": "2020-12-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T17:09:13.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35585 (GCVE-0-2020-35585)
Vulnerability from cvelistv5 – Published: 2020-12-23 14:56 – Updated: 2024-08-04 17:09
VLAI
Summary
In Solstice Pod before 3.3.0 (or Open4.3), the screen key can be enumerated using brute-force attacks via the /lookin/info Solstice Open Control API because there are only 1.7 million possibilities.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://documentation.mersive.com/content/pages/r… | x_refsource_MISC |
| https://www.mersive.com/uk/products/solstice/ | x_refsource_MISC |
| https://github.com/aress31/solstice-pod-cves | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:14.132Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://documentation.mersive.com/content/pages/release-notes.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mersive.com/uk/products/solstice/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/aress31/solstice-pod-cves"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Solstice Pod before 3.3.0 (or Open4.3), the screen key can be enumerated using brute-force attacks via the /lookin/info Solstice Open Control API because there are only 1.7 million possibilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-23T14:56:11.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://documentation.mersive.com/content/pages/release-notes.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mersive.com/uk/products/solstice/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/aress31/solstice-pod-cves"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35585",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Solstice Pod before 3.3.0 (or Open4.3), the screen key can be enumerated using brute-force attacks via the /lookin/info Solstice Open Control API because there are only 1.7 million possibilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://documentation.mersive.com/content/pages/release-notes.htm",
"refsource": "MISC",
"url": "https://documentation.mersive.com/content/pages/release-notes.htm"
},
{
"name": "https://www.mersive.com/uk/products/solstice/",
"refsource": "MISC",
"url": "https://www.mersive.com/uk/products/solstice/"
},
{
"name": "https://github.com/aress31/solstice-pod-cves",
"refsource": "MISC",
"url": "https://github.com/aress31/solstice-pod-cves"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35585",
"datePublished": "2020-12-23T14:56:11.000Z",
"dateReserved": "2020-12-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T17:09:14.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35584 (GCVE-0-2020-35584)
Vulnerability from cvelistv5 – Published: 2020-12-23 14:53 – Updated: 2024-08-04 17:09
VLAI
Summary
In Solstice Pod before 3.0.3, the web services allow users to connect to them over unencrypted channels via the Browser Look-in feature. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the web services and obtain any information the user supplies, including Administrator passwords and screen keys.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://documentation.mersive.com/content/pages/r… | x_refsource_MISC |
| https://www.mersive.com/uk/products/solstice/ | x_refsource_MISC |
| https://github.com/aress31/solstice-pod-cves | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:14.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://documentation.mersive.com/content/pages/release-notes.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mersive.com/uk/products/solstice/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/aress31/solstice-pod-cves"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Solstice Pod before 3.0.3, the web services allow users to connect to them over unencrypted channels via the Browser Look-in feature. An attacker suitably positioned to view a legitimate user\u0027s network traffic could record and monitor their interactions with the web services and obtain any information the user supplies, including Administrator passwords and screen keys."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-23T14:53:19.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://documentation.mersive.com/content/pages/release-notes.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mersive.com/uk/products/solstice/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/aress31/solstice-pod-cves"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35584",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Solstice Pod before 3.0.3, the web services allow users to connect to them over unencrypted channels via the Browser Look-in feature. An attacker suitably positioned to view a legitimate user\u0027s network traffic could record and monitor their interactions with the web services and obtain any information the user supplies, including Administrator passwords and screen keys."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://documentation.mersive.com/content/pages/release-notes.htm",
"refsource": "MISC",
"url": "https://documentation.mersive.com/content/pages/release-notes.htm"
},
{
"name": "https://www.mersive.com/uk/products/solstice/",
"refsource": "MISC",
"url": "https://www.mersive.com/uk/products/solstice/"
},
{
"name": "https://github.com/aress31/solstice-pod-cves",
"refsource": "MISC",
"url": "https://github.com/aress31/solstice-pod-cves"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35584",
"datePublished": "2020-12-23T14:53:19.000Z",
"dateReserved": "2020-12-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T17:09:14.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27523 (GCVE-0-2020-27523)
Vulnerability from cvelistv5 – Published: 2020-11-11 14:23 – Updated: 2024-08-04 16:18
VLAI
Summary
Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authentication process. This may crash the server and force Solstice-Pod to reboot, which leads to a denial of service.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.youtube.com/watch?v=EGW_M1MqAG0 | x_refsource_MISC |
| https://twitter.com/Kevin2600/status/131626114940… | x_refsource_MISC |
| https://documentation.mersive.com/content/topics/… | x_refsource_MISC |
| https://tiger-team-1337.blogspot.com/2020/10/sols… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:18:44.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.youtube.com/watch?v=EGW_M1MqAG0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/Kevin2600/status/1316261149403275264"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://documentation.mersive.com/content/topics/general-gen2i-pod-specs.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tiger-team-1337.blogspot.com/2020/10/solstice-pod-critical-unauthenticated.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authentication process. This may crash the server and force Solstice-Pod to reboot, which leads to a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-11T14:23:42.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.youtube.com/watch?v=EGW_M1MqAG0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/Kevin2600/status/1316261149403275264"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://documentation.mersive.com/content/topics/general-gen2i-pod-specs.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tiger-team-1337.blogspot.com/2020/10/solstice-pod-critical-unauthenticated.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-27523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authentication process. This may crash the server and force Solstice-Pod to reboot, which leads to a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.youtube.com/watch?v=EGW_M1MqAG0",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=EGW_M1MqAG0"
},
{
"name": "https://twitter.com/Kevin2600/status/1316261149403275264",
"refsource": "MISC",
"url": "https://twitter.com/Kevin2600/status/1316261149403275264"
},
{
"name": "https://documentation.mersive.com/content/topics/general-gen2i-pod-specs.htm",
"refsource": "MISC",
"url": "https://documentation.mersive.com/content/topics/general-gen2i-pod-specs.htm"
},
{
"name": "https://tiger-team-1337.blogspot.com/2020/10/solstice-pod-critical-unauthenticated.html",
"refsource": "MISC",
"url": "https://tiger-team-1337.blogspot.com/2020/10/solstice-pod-critical-unauthenticated.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-27523",
"datePublished": "2020-11-11T14:23:42.000Z",
"dateReserved": "2020-10-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:18:44.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}