CVE-2018-6624

CRITICAL

OMRON NS <1.4 - Auth Bypass

Title source: llm

Description

OMRON NS devices 1.1 through 1.3 allow remote attackers to bypass authentication via a direct request to the .html file for a specific screen, as demonstrated by monitor.html.

References (1)

[Third Party Advisory] http://misteralfa-hack.blogspot.cl/2018/02/otomron-login-bypass.html

Scores

CVSS v3 9.8

EPSS 0.0079

EPSS Percentile 74.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-425

Status published

Products (1)

omron/ns_series_firmware 1.1 - 1.3

Published Feb 05, 2018

Tracked Since Feb 18, 2026