CVE-2020-14944

CRITICAL

Global RADAR BSA Radar <1.6.7234.24750 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-14944. PoCs published by William Summerhill.

AI-analyzed exploit summary: This PoC demonstrates CSRF vulnerabilities in BSA Radar 1.6.7234.24750, allowing unauthorized password changes, profile modifications (including stored XSS), and user data enumeration via forged API requests.

Description

Global RADAR BSA Radar 1.6.7234.24750 and earlier lacks valid authorization controls in multiple functions. This can allow for manipulation and takeover of user accounts if successfully exploited. The following vulnerable functions are exposed: ChangePassword, SaveUserProfile, and GetUser.

Exploits (1)

exploitdb · WORKING POC
by William Summerhill · text · webapps · hardware
https://www.exploit-db.com/exploits/48653


Classification: Working PoC 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: BSA Radar - Version 1.6.7234.24750 and lower
Auth required
Prerequisites: Valid session in the application · Knowledge of target UserID
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 9.8
EPSS: 0.0634
EPSS Percentile: 92.7%
Attack Vector: NETWORK
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-862
Status: published
Products (1): globalradar/bsa_radar < 1.6.7234.24750
Published: Jun 22, 2020
Tracked Since: Feb 18, 2026