CVE-2018-10285

CRITICAL

Ericsson-LG iPECS NMS A.1Ac - Auth Bypass

Title source: llm

Description

The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access control mechanisms. Since the app does not use any sort of session ID, an attacker might bypass authentication.

Exploits (1)

exploitdb WORKING POC

by Berk Cem Göksel · pythonwebappsphp

https://www.exploit-db.com/exploits/44515

View Code ZIP pw:eip

References (2)

[Third Party Advisory] https://gist.github.com/berkgoksel/b8e15cb5742540c6987e9d837d6fa8b1

[Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/44515/

Scores

CVSS v3 9.8

EPSS 0.4114

EPSS Percentile 97.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-732

Status published

Products (1)

ericssonlg/ipecs_nms a.1ac

Published Apr 22, 2018

Tracked Since Feb 18, 2026