Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for solstice_pod_firmware by mersive

    CVE-2025-66573 (GCVE-0-2025-66573)

    Vulnerability from nvd – Published: 2025-12-04 20:45 – Updated: 2026-05-28 14:49
    VLAI
    Title
    Solstice Pod API Session Key Extraction via API Endpoint
    Summary
    Solstice Pod API (version 5.5, 6.2) contains an unauthenticated API endpoint (`/api/config`) that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without authentication.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    mersive Solstice Pod API Affected: 5.5
    Affected: 6.2
    Create a notification for this product.
    Date Public
    2025-03-29 00:00
    Credits
    The Baldwin School Ethical Hackers, The Baldwin School
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-66573",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-05T17:52:11.355912Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-05T17:52:32.132Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://www.exploit-db.com/exploits/52104"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Solstice Pod API",
              "vendor": "mersive",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.5"
                },
                {
                  "status": "affected",
                  "version": "6.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "The Baldwin School Ethical Hackers, The Baldwin School"
            }
          ],
          "datePublic": "2025-03-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSolstice Pod API (version 5.5, 6.2) contains an unauthenticated API endpoint (`/api/config`) that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without authentication.\u003c/p\u003e"
                }
              ],
              "value": "Solstice Pod API (version 5.5, 6.2) contains an unauthenticated API endpoint (`/api/config`) that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without authentication."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-28T14:49:28.470Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "ExploitDB-52104",
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/52104"
            },
            {
              "name": "Mersive Homepage",
              "tags": [
                "product"
              ],
              "url": "https://www.mersive.com/"
            },
            {
              "name": "Solstice Documentation",
              "tags": [
                "product"
              ],
              "url": "https://documentation.mersive.com/en/solstice/about-solstice.html"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/solstice-pod-api-session-key-extraction-via-api-endpoint"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Solstice Pod API Session Key Extraction via API Endpoint",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2025-66573",
        "datePublished": "2025-12-04T20:45:13.939Z",
        "dateReserved": "2025-12-04T16:22:24.337Z",
        "dateUpdated": "2026-05-28T14:49:28.470Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-35586 (GCVE-0-2020-35586)

    Vulnerability from nvd – Published: 2020-12-23 14:58 – Updated: 2024-08-04 17:09
    VLAI
    Summary
    In Solstice Pod before 3.3.0 (or Open4.3), the Administrator password can be enumerated using brute-force attacks via the /Config/service/initModel?password= Solstice Open Control API because there is no complexity requirement (e.g., it might be all digits or all lowercase letters).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:09:13.971Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://documentation.mersive.com/content/pages/release-notes.htm"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.mersive.com/uk/products/solstice/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/aress31/solstice-pod-cves"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Solstice Pod before 3.3.0 (or Open4.3), the Administrator password can be enumerated using brute-force attacks via the /Config/service/initModel?password= Solstice Open Control API because there is no complexity requirement (e.g., it might be all digits or all lowercase letters)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-23T14:58:20.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://documentation.mersive.com/content/pages/release-notes.htm"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.mersive.com/uk/products/solstice/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/aress31/solstice-pod-cves"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-35586",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Solstice Pod before 3.3.0 (or Open4.3), the Administrator password can be enumerated using brute-force attacks via the /Config/service/initModel?password= Solstice Open Control API because there is no complexity requirement (e.g., it might be all digits or all lowercase letters)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://documentation.mersive.com/content/pages/release-notes.htm",
                  "refsource": "MISC",
                  "url": "https://documentation.mersive.com/content/pages/release-notes.htm"
                },
                {
                  "name": "https://www.mersive.com/uk/products/solstice/",
                  "refsource": "MISC",
                  "url": "https://www.mersive.com/uk/products/solstice/"
                },
                {
                  "name": "https://github.com/aress31/solstice-pod-cves",
                  "refsource": "MISC",
                  "url": "https://github.com/aress31/solstice-pod-cves"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-35586",
        "datePublished": "2020-12-23T14:58:20.000Z",
        "dateReserved": "2020-12-20T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:09:13.971Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-35585 (GCVE-0-2020-35585)

    Vulnerability from nvd – Published: 2020-12-23 14:56 – Updated: 2024-08-04 17:09
    VLAI
    Summary
    In Solstice Pod before 3.3.0 (or Open4.3), the screen key can be enumerated using brute-force attacks via the /lookin/info Solstice Open Control API because there are only 1.7 million possibilities.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:09:14.132Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://documentation.mersive.com/content/pages/release-notes.htm"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.mersive.com/uk/products/solstice/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/aress31/solstice-pod-cves"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Solstice Pod before 3.3.0 (or Open4.3), the screen key can be enumerated using brute-force attacks via the /lookin/info Solstice Open Control API because there are only 1.7 million possibilities."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-23T14:56:11.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://documentation.mersive.com/content/pages/release-notes.htm"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.mersive.com/uk/products/solstice/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/aress31/solstice-pod-cves"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-35585",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Solstice Pod before 3.3.0 (or Open4.3), the screen key can be enumerated using brute-force attacks via the /lookin/info Solstice Open Control API because there are only 1.7 million possibilities."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://documentation.mersive.com/content/pages/release-notes.htm",
                  "refsource": "MISC",
                  "url": "https://documentation.mersive.com/content/pages/release-notes.htm"
                },
                {
                  "name": "https://www.mersive.com/uk/products/solstice/",
                  "refsource": "MISC",
                  "url": "https://www.mersive.com/uk/products/solstice/"
                },
                {
                  "name": "https://github.com/aress31/solstice-pod-cves",
                  "refsource": "MISC",
                  "url": "https://github.com/aress31/solstice-pod-cves"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-35585",
        "datePublished": "2020-12-23T14:56:11.000Z",
        "dateReserved": "2020-12-20T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:09:14.132Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-35584 (GCVE-0-2020-35584)

    Vulnerability from nvd – Published: 2020-12-23 14:53 – Updated: 2024-08-04 17:09
    VLAI
    Summary
    In Solstice Pod before 3.0.3, the web services allow users to connect to them over unencrypted channels via the Browser Look-in feature. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the web services and obtain any information the user supplies, including Administrator passwords and screen keys.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:09:14.640Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://documentation.mersive.com/content/pages/release-notes.htm"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.mersive.com/uk/products/solstice/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/aress31/solstice-pod-cves"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Solstice Pod before 3.0.3, the web services allow users to connect to them over unencrypted channels via the Browser Look-in feature. An attacker suitably positioned to view a legitimate user\u0027s network traffic could record and monitor their interactions with the web services and obtain any information the user supplies, including Administrator passwords and screen keys."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-23T14:53:19.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://documentation.mersive.com/content/pages/release-notes.htm"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.mersive.com/uk/products/solstice/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/aress31/solstice-pod-cves"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-35584",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Solstice Pod before 3.0.3, the web services allow users to connect to them over unencrypted channels via the Browser Look-in feature. An attacker suitably positioned to view a legitimate user\u0027s network traffic could record and monitor their interactions with the web services and obtain any information the user supplies, including Administrator passwords and screen keys."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://documentation.mersive.com/content/pages/release-notes.htm",
                  "refsource": "MISC",
                  "url": "https://documentation.mersive.com/content/pages/release-notes.htm"
                },
                {
                  "name": "https://www.mersive.com/uk/products/solstice/",
                  "refsource": "MISC",
                  "url": "https://www.mersive.com/uk/products/solstice/"
                },
                {
                  "name": "https://github.com/aress31/solstice-pod-cves",
                  "refsource": "MISC",
                  "url": "https://github.com/aress31/solstice-pod-cves"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-35584",
        "datePublished": "2020-12-23T14:53:19.000Z",
        "dateReserved": "2020-12-20T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:09:14.640Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-27523 (GCVE-0-2020-27523)

    Vulnerability from nvd – Published: 2020-11-11 14:23 – Updated: 2024-08-04 16:18
    VLAI
    Summary
    Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authentication process. This may crash the server and force Solstice-Pod to reboot, which leads to a denial of service.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:18:44.936Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.youtube.com/watch?v=EGW_M1MqAG0"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://twitter.com/Kevin2600/status/1316261149403275264"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://documentation.mersive.com/content/topics/general-gen2i-pod-specs.htm"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://tiger-team-1337.blogspot.com/2020/10/solstice-pod-critical-unauthenticated.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authentication process. This may crash the server and force Solstice-Pod to reboot, which leads to a denial of service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-11-11T14:23:42.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.youtube.com/watch?v=EGW_M1MqAG0"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://twitter.com/Kevin2600/status/1316261149403275264"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://documentation.mersive.com/content/topics/general-gen2i-pod-specs.htm"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://tiger-team-1337.blogspot.com/2020/10/solstice-pod-critical-unauthenticated.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-27523",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authentication process. This may crash the server and force Solstice-Pod to reboot, which leads to a denial of service."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.youtube.com/watch?v=EGW_M1MqAG0",
                  "refsource": "MISC",
                  "url": "https://www.youtube.com/watch?v=EGW_M1MqAG0"
                },
                {
                  "name": "https://twitter.com/Kevin2600/status/1316261149403275264",
                  "refsource": "MISC",
                  "url": "https://twitter.com/Kevin2600/status/1316261149403275264"
                },
                {
                  "name": "https://documentation.mersive.com/content/topics/general-gen2i-pod-specs.htm",
                  "refsource": "MISC",
                  "url": "https://documentation.mersive.com/content/topics/general-gen2i-pod-specs.htm"
                },
                {
                  "name": "https://tiger-team-1337.blogspot.com/2020/10/solstice-pod-critical-unauthenticated.html",
                  "refsource": "MISC",
                  "url": "https://tiger-team-1337.blogspot.com/2020/10/solstice-pod-critical-unauthenticated.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-27523",
        "datePublished": "2020-11-11T14:23:42.000Z",
        "dateReserved": "2020-10-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T16:18:44.936Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-66573 (GCVE-0-2025-66573)

    Vulnerability from cvelistv5 – Published: 2025-12-04 20:45 – Updated: 2026-05-28 14:49
    VLAI
    Title
    Solstice Pod API Session Key Extraction via API Endpoint
    Summary
    Solstice Pod API (version 5.5, 6.2) contains an unauthenticated API endpoint (`/api/config`) that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without authentication.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    mersive Solstice Pod API Affected: 5.5
    Affected: 6.2
    Create a notification for this product.
    Date Public
    2025-03-29 00:00
    Credits
    The Baldwin School Ethical Hackers, The Baldwin School
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-66573",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-05T17:52:11.355912Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-05T17:52:32.132Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://www.exploit-db.com/exploits/52104"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Solstice Pod API",
              "vendor": "mersive",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.5"
                },
                {
                  "status": "affected",
                  "version": "6.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "The Baldwin School Ethical Hackers, The Baldwin School"
            }
          ],
          "datePublic": "2025-03-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSolstice Pod API (version 5.5, 6.2) contains an unauthenticated API endpoint (`/api/config`) that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without authentication.\u003c/p\u003e"
                }
              ],
              "value": "Solstice Pod API (version 5.5, 6.2) contains an unauthenticated API endpoint (`/api/config`) that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without authentication."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-28T14:49:28.470Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "ExploitDB-52104",
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/52104"
            },
            {
              "name": "Mersive Homepage",
              "tags": [
                "product"
              ],
              "url": "https://www.mersive.com/"
            },
            {
              "name": "Solstice Documentation",
              "tags": [
                "product"
              ],
              "url": "https://documentation.mersive.com/en/solstice/about-solstice.html"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/solstice-pod-api-session-key-extraction-via-api-endpoint"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Solstice Pod API Session Key Extraction via API Endpoint",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2025-66573",
        "datePublished": "2025-12-04T20:45:13.939Z",
        "dateReserved": "2025-12-04T16:22:24.337Z",
        "dateUpdated": "2026-05-28T14:49:28.470Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-35586 (GCVE-0-2020-35586)

    Vulnerability from cvelistv5 – Published: 2020-12-23 14:58 – Updated: 2024-08-04 17:09
    VLAI
    Summary
    In Solstice Pod before 3.3.0 (or Open4.3), the Administrator password can be enumerated using brute-force attacks via the /Config/service/initModel?password= Solstice Open Control API because there is no complexity requirement (e.g., it might be all digits or all lowercase letters).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:09:13.971Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://documentation.mersive.com/content/pages/release-notes.htm"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.mersive.com/uk/products/solstice/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/aress31/solstice-pod-cves"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Solstice Pod before 3.3.0 (or Open4.3), the Administrator password can be enumerated using brute-force attacks via the /Config/service/initModel?password= Solstice Open Control API because there is no complexity requirement (e.g., it might be all digits or all lowercase letters)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-23T14:58:20.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://documentation.mersive.com/content/pages/release-notes.htm"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.mersive.com/uk/products/solstice/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/aress31/solstice-pod-cves"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-35586",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Solstice Pod before 3.3.0 (or Open4.3), the Administrator password can be enumerated using brute-force attacks via the /Config/service/initModel?password= Solstice Open Control API because there is no complexity requirement (e.g., it might be all digits or all lowercase letters)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://documentation.mersive.com/content/pages/release-notes.htm",
                  "refsource": "MISC",
                  "url": "https://documentation.mersive.com/content/pages/release-notes.htm"
                },
                {
                  "name": "https://www.mersive.com/uk/products/solstice/",
                  "refsource": "MISC",
                  "url": "https://www.mersive.com/uk/products/solstice/"
                },
                {
                  "name": "https://github.com/aress31/solstice-pod-cves",
                  "refsource": "MISC",
                  "url": "https://github.com/aress31/solstice-pod-cves"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-35586",
        "datePublished": "2020-12-23T14:58:20.000Z",
        "dateReserved": "2020-12-20T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:09:13.971Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-35585 (GCVE-0-2020-35585)

    Vulnerability from cvelistv5 – Published: 2020-12-23 14:56 – Updated: 2024-08-04 17:09
    VLAI
    Summary
    In Solstice Pod before 3.3.0 (or Open4.3), the screen key can be enumerated using brute-force attacks via the /lookin/info Solstice Open Control API because there are only 1.7 million possibilities.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:09:14.132Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://documentation.mersive.com/content/pages/release-notes.htm"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.mersive.com/uk/products/solstice/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/aress31/solstice-pod-cves"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Solstice Pod before 3.3.0 (or Open4.3), the screen key can be enumerated using brute-force attacks via the /lookin/info Solstice Open Control API because there are only 1.7 million possibilities."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-23T14:56:11.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://documentation.mersive.com/content/pages/release-notes.htm"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.mersive.com/uk/products/solstice/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/aress31/solstice-pod-cves"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-35585",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Solstice Pod before 3.3.0 (or Open4.3), the screen key can be enumerated using brute-force attacks via the /lookin/info Solstice Open Control API because there are only 1.7 million possibilities."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://documentation.mersive.com/content/pages/release-notes.htm",
                  "refsource": "MISC",
                  "url": "https://documentation.mersive.com/content/pages/release-notes.htm"
                },
                {
                  "name": "https://www.mersive.com/uk/products/solstice/",
                  "refsource": "MISC",
                  "url": "https://www.mersive.com/uk/products/solstice/"
                },
                {
                  "name": "https://github.com/aress31/solstice-pod-cves",
                  "refsource": "MISC",
                  "url": "https://github.com/aress31/solstice-pod-cves"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-35585",
        "datePublished": "2020-12-23T14:56:11.000Z",
        "dateReserved": "2020-12-20T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:09:14.132Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-35584 (GCVE-0-2020-35584)

    Vulnerability from cvelistv5 – Published: 2020-12-23 14:53 – Updated: 2024-08-04 17:09
    VLAI
    Summary
    In Solstice Pod before 3.0.3, the web services allow users to connect to them over unencrypted channels via the Browser Look-in feature. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the web services and obtain any information the user supplies, including Administrator passwords and screen keys.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:09:14.640Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://documentation.mersive.com/content/pages/release-notes.htm"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.mersive.com/uk/products/solstice/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/aress31/solstice-pod-cves"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Solstice Pod before 3.0.3, the web services allow users to connect to them over unencrypted channels via the Browser Look-in feature. An attacker suitably positioned to view a legitimate user\u0027s network traffic could record and monitor their interactions with the web services and obtain any information the user supplies, including Administrator passwords and screen keys."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-23T14:53:19.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://documentation.mersive.com/content/pages/release-notes.htm"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.mersive.com/uk/products/solstice/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/aress31/solstice-pod-cves"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-35584",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Solstice Pod before 3.0.3, the web services allow users to connect to them over unencrypted channels via the Browser Look-in feature. An attacker suitably positioned to view a legitimate user\u0027s network traffic could record and monitor their interactions with the web services and obtain any information the user supplies, including Administrator passwords and screen keys."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://documentation.mersive.com/content/pages/release-notes.htm",
                  "refsource": "MISC",
                  "url": "https://documentation.mersive.com/content/pages/release-notes.htm"
                },
                {
                  "name": "https://www.mersive.com/uk/products/solstice/",
                  "refsource": "MISC",
                  "url": "https://www.mersive.com/uk/products/solstice/"
                },
                {
                  "name": "https://github.com/aress31/solstice-pod-cves",
                  "refsource": "MISC",
                  "url": "https://github.com/aress31/solstice-pod-cves"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-35584",
        "datePublished": "2020-12-23T14:53:19.000Z",
        "dateReserved": "2020-12-20T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:09:14.640Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-27523 (GCVE-0-2020-27523)

    Vulnerability from cvelistv5 – Published: 2020-11-11 14:23 – Updated: 2024-08-04 16:18
    VLAI
    Summary
    Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authentication process. This may crash the server and force Solstice-Pod to reboot, which leads to a denial of service.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:18:44.936Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.youtube.com/watch?v=EGW_M1MqAG0"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://twitter.com/Kevin2600/status/1316261149403275264"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://documentation.mersive.com/content/topics/general-gen2i-pod-specs.htm"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://tiger-team-1337.blogspot.com/2020/10/solstice-pod-critical-unauthenticated.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authentication process. This may crash the server and force Solstice-Pod to reboot, which leads to a denial of service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-11-11T14:23:42.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.youtube.com/watch?v=EGW_M1MqAG0"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://twitter.com/Kevin2600/status/1316261149403275264"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://documentation.mersive.com/content/topics/general-gen2i-pod-specs.htm"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://tiger-team-1337.blogspot.com/2020/10/solstice-pod-critical-unauthenticated.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-27523",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authentication process. This may crash the server and force Solstice-Pod to reboot, which leads to a denial of service."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.youtube.com/watch?v=EGW_M1MqAG0",
                  "refsource": "MISC",
                  "url": "https://www.youtube.com/watch?v=EGW_M1MqAG0"
                },
                {
                  "name": "https://twitter.com/Kevin2600/status/1316261149403275264",
                  "refsource": "MISC",
                  "url": "https://twitter.com/Kevin2600/status/1316261149403275264"
                },
                {
                  "name": "https://documentation.mersive.com/content/topics/general-gen2i-pod-specs.htm",
                  "refsource": "MISC",
                  "url": "https://documentation.mersive.com/content/topics/general-gen2i-pod-specs.htm"
                },
                {
                  "name": "https://tiger-team-1337.blogspot.com/2020/10/solstice-pod-critical-unauthenticated.html",
                  "refsource": "MISC",
                  "url": "https://tiger-team-1337.blogspot.com/2020/10/solstice-pod-critical-unauthenticated.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-27523",
        "datePublished": "2020-11-11T14:23:42.000Z",
        "dateReserved": "2020-10-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T16:18:44.936Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }